News & Commentary

Content tagged with Compliance posted in May 2013
Endpoint Security
News  |  5/30/2013
End user security requires layers of tools and training as employees use more devices and apps
Fact Check: Endpoints Are The New Perimeter
Commentary  |  5/29/2013
Have endpoints been a perimeter and, if so, what should you do?
Gathering More Security Data From Your Endpoints
News  |  5/28/2013
Endpoint security intelligence and controls have not kept pace with similar visibility and management of the network
New Focus On Risk, Threat Intelligence Breathes New Life Into GRC Strategies
News  |  5/23/2013
Security is a central driver in enterprise Governance, Risk and Compliance initiatives, experts say
Barracuda Networks Acquires SignNow To Fuel Cloud Data Storage Growth
News  |  5/22/2013
SignNow by Barracuda allows users to sign and send documents from anywhere or any device
IDs Of 22 Million At Risk Following Breach At Yahoo Japan
Quick Hits  |  5/21/2013
Yahoo Japan officials say they "can't deny the possibility" of epic data breach
Black Hat 2013 Showcases Home Security, Bootkits, Cellular OPSEC Failures
News  |  5/20/2013
Black Hat announces three more featured talks
Mapping Compliance Proof To Risk-Based Controls
News  |  5/17/2013
Risk-based security decisions usually yield more secure environments, but some harmonization with regulations needs to be done to prove compliance
The Future Of Web Authentication
News  |  5/16/2013
After years of relying on passwords, technology vendors -- and enterprises -- are ready for new methods of proving user identity.
Is Application Sandboxing The Next Endpoint Security Must-Have?
News  |  5/14/2013
Virtualized containers expected to catch on in the enterprise, but the technology has its weaknesses, too
Use A Human Trust Model For Endpoints
Commentary  |  5/13/2013
Use anthropomorphic references to engage your brain and strengthen your approach to security
Panic Now
Commentary  |  5/8/2013
There is a big difference between panic and anxiety
5 Ways For SMBs To Boost Security But Not Costs
News  |  5/6/2013
Straight-shooting advice--and some out-of-the-box thinking--on how smaller companies can save money on security while doing it better
Five Habits Of Highly Successful Malware
News  |  5/2/2013
It's no secret that malware is dodging defenses; security experts pinpoint successful strategies, including the use of real-time communications, frequent disguises, and laying low
Learning From Auditor War Stories
News  |  5/1/2013
Stories of IT missteps and unforeseen disasters while auditors are on-site can point to important lessons for preparing for compliance and security

Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
(ISC)2 Report: Glaring Disparity in Diversity for US Cybersecurity
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/15/2018
Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack
Menny Barzilay, Co-founder & CEO, FortyTwo Global,  3/15/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.