News & Commentary

Content tagged with Compliance posted in May 2009
Members Of Legendary '90s Hacker Group Relaunch Password-Cracking Tool
Quick Hits  |  5/28/2009  | 
L0phtCrack is back: Former members of L0pht Heavy Industries retool their tool after buying it back from Symantec
Study: 'Secret Security Questions' Can Be Guessed By Insiders
Quick Hits  |  5/21/2009  | 
Ability to guess the answers to second-level security questions goes up significantly if the guesser knows the account holder, study says
Pirated Windows 7 OS Comes With Trojan, Builds A Botnet
News  |  5/12/2009  | 
At its peak, the Trojan-infested counterfeit version of Microsoft's prerelease version of Windows 7 was infecting more than 200 PCs an hour
SMBs Often Hit Hardest By Botnets
News  |  5/6/2009  | 
Bot infections, spam can be 'silent killer' for SMBs due to drain on email servers, network resources
Researchers Take Over Dangerous Botnet
News  |  5/4/2009  | 
Computer scientists at the University of California-Santa Barbara expose details of infamous botnet known for stealing financial data after temporarily wresting control of it


Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften Technologies,  6/14/2018
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-5236
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events.
CVE-2018-5237
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
CVE-2018-6211
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.
CVE-2018-6212
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect proc...
CVE-2018-6213
PUBLISHED: 2018-06-20
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.