News & Commentary

Content tagged with Compliance posted in June 2007
CSRF Bug Runs Rampant
News  |  6/26/2007
Vulnerability found in Check Point, various firewalls, UTM appliances, routers, storage systems, and other devices managed with Web interfaces
Killing That 'Man in the Browser'
News  |  6/26/2007
TriCipher to unveil transaction security tool today
Hacking Truckers
News  |  6/25/2007
Researchers discover that the contents of a truck's haul are wide open to hackers via RFID
'You're Now Free to Move About the Company'
News  |  6/21/2007
American Airlines pilots discover major vulnerability in company's intranet
People, Not Passwords, Are the Problem
News  |  6/20/2007
UK government study says end users still don't know how to protect their passwords online
PatchLink Buys SecureWave
News  |  6/19/2007
Deal merges endpoint security with patch management, vulnerability assessment
Stonesoft Seeks to Open Up VPNs
News  |  6/18/2007
New SSL VPN products don't discriminate against mobile devices, non-employees
Server Room Follies
News  |  6/18/2007
In which pizza and soda are shown to be more powerful than a crowbar for breaking and entering
A New Approach to Database Security
News  |  6/15/2007
Startup Sentrigo prepares to launch Hedgehog, a new tool that works at the cache memory level
Eight Vulnerabilities You May Have Missed
News  |  6/15/2007
With all the security vulnerabilities in the news, here's a look at some dangers that few are talking about
Survey: 1 in 4 WLANs Unsecured
News  |  6/13/2007
RSA survey finds more WLANs, but not much security
Authentication Goes USB Route
News  |  6/13/2007
TriCipher to debut smart drive-based, multi-factor authentication for $2 to $3 per user
Pfizer Falls Victim to P2P Hack
News  |  6/12/2007
Attackers access personal information on 17,000 employees via laptop vulnerability
Architect's Many Identities
News  |  6/11/2007
Dale Olds, creator of Novell's eDirectory, talks open-source ID, tuba photography, and how not to configure your home firewall
Attackers Break Into UVA Database
News  |  6/11/2007
Personal data on nearly 6,000 former and current faculty members at the University of Virginia was compromised
P2P's Unintended Leaks
News  |  6/8/2007
Or, how file-hungry music and video fans might download business-sensitive data
Security's Soft Underbelly
News  |  6/5/2007
Many companies secure the walls, but databases remain the soft, chewy center
EMC Secures Verid
News  |  6/4/2007
Vendor continues its security spending tear, picking up authentication specialist Verid

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.