Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Compliance posted in May 2007
VeriSign's CEO Signs Off
News  |  5/29/2007  | 
Analysts say company could get fresh start as Sclavos walks after 12-year tenure
Microsoft Takes Aim at Endpoint
News  |  5/25/2007  | 
Microsoft says Network Access Protection (NAP), SSL VPN gateway will play nicely together
Wireless: Fix, Not Flaw
News  |  5/25/2007  | 
New applications help WiFi shed its image as enterprises' biggest network vulnerability
NAC Vendors in the Hot Seat
News  |  5/24/2007  | 
Cisco, Microsoft shared the dais, and their thoughts on NAC, here yesterday at Interop
New Spec Could Cut Phishing, Spam
News  |  5/23/2007  | 
IETF approves email signature standard pioneered by Yahoo!, Cisco
Seven Habits of Highly Malicious Hackers
News  |  5/18/2007  | 
Interop session details the anatomy of a hacker attack, step-by-step
Microsoft Meets Xbox Hacker
News  |  5/16/2007  | 
At Blue Hat Security Briefings, hackers school Microsoft on threats
IBM, Symantec Tackle Compliance
News  |  5/15/2007  | 
New tools and strategies promise to cut costs, speed projects; now they have to deliver
Bumpy Road Ahead
News  |  5/15/2007  | 
We can't always anticipate security issues... But we can try
Verizon Grabs Cybertrust
News  |  5/14/2007  | 
Merger sets stage for clash of telecom titans
SSL VPN From Your Smartphone
News  |  5/14/2007  | 
Secure VPN access to corporate apps from Windows smartphones
California Hammers on E-Voting
News  |  5/10/2007  | 
Comprehensive audit and penetration test designed to end voters' fears about electronic voting
RFID Security Service, Tools on Tap
News  |  5/10/2007  | 
New audit service and appliance to target RFID customers looking to lock down their systems
Mizzou's Help Desk Hack
News  |  5/9/2007  | 
Attacker accesses more than 22,000 student records by cracking university's computer trouble-reporting system
Symantec Readies New Client Tools
News  |  5/7/2007  | 
CTO, research VP offer glimpse at company's product drawing board
Trust & Deception
News  |  5/7/2007  | 
They're both actively at work in infosec, and new attacks take equal advantage of them
SEC: WFI Insider Stole $7.7M
News  |  5/3/2007  | 
Stock options manager accused of abusing access rights to embezzle 700,000 shares from wireless security firm
DR's 10 Most Popular Stories Ever
News  |  5/2/2007  | 
Our first year featured thumb-drive lures, lax end users, dumb smart cards, myths, and a Microsoft misstep


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3243
PUBLISHED: 2021-04-15
Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system by through its plugin-running function.
CVE-2021-29448
PUBLISHED: 2021-04-15
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details.
CVE-2021-30138
PUBLISHED: 2021-04-15
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2021-27112
PUBLISHED: 2021-04-15
LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.
CVE-2021-20288
PUBLISHED: 2021-04-15
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associa...