News & Commentary

Content tagged with Compliance posted in June 2008
Survey: Unstructured Data a Security Nightmare
Quick Hits  |  6/30/2008  | 
New Ponemon Institute report finds organizations don't have a grip on access to data on file servers, network-attached storage
TV Guide/Comcast Joint Venture Gets NAC
News  |  6/27/2008  | 
GuideWorks adds mobile, visiting users to its network with TippingPoint appliance
Google, Microsoft Back Security & Privacy Framework for Online Health Data
Quick Hits  |  6/25/2008  | 
The Common Framework for Networked Personal Health Information defines best practices for protecting patient data for online access
Microsoft, Novell, Oracle, PayPal, Others Launch New Digital ID Forum
Quick Hits  |  6/23/2008  | 
Nonprofit Information Card Forum established to unite various industry efforts for building online information identities to replace the username/password model
Filling Out Forms: Still a Dangerous Game
News  |  6/20/2008  | 
Despite upgrades and fixes, most browsers are still vulnerable to attacks via Web forms, researcher says
New Worm Spawns More Than 8M Spam Messages
Quick Hits  |  6/20/2008  | 
Fake news come-ons lead to infected porn site
ID Protection Startup Prepares Commercial Push
News  |  6/19/2008  | 
After completing identity theft study and numerous breach response engagements, Debix says it's good to go
Stolen Healthcare, Airline Credentials Found on Servers
News  |  6/18/2008  | 
Researchers at Finjan say cybercriminals are looking beyond stolen credit card accounts
GAO: There Ought to Be a Law
Quick Hits  |  6/18/2008  | 
Government's ability to extract and manipulate personal data is too broad, watchdog agency says
Could a Smartphone Solve the Notebook Security Problem?
News  |  6/18/2008  | 
Maybe instead of looking at them as a new problem, we should consider smartphones as a potential security solution
Verizon Study Links External Hacks to Internal Mistakes
News  |  6/12/2008  | 
Most breaches come from outside the company, but they are often triggered by unfound errors on the inside
Cybercrime Outranks Other Crimes on Europeans' Worry List
Quick Hits  |  6/11/2008  | 
Almost half of German PC users believe they will eventually fall victim
Mind-Reading: The Next Great Privacy Debate?
Quick Hits  |  6/9/2008  | 
New MRI technology lets doctors see images in your mind - now there's a scary thought
New Virus Lets Attackers Hold Data for Ransom
Quick Hits  |  6/6/2008  | 
Gpcode variant encrypts many file types with strong key; attackers ask for a bounty to decrypt
Gartner Details Real-Time 'Adaptive' Security Infrastructure
News  |  6/3/2008  | 
Future security model addresses arrival of multiple perimeters, mobile users
Army Hospital Breach May Be Result of P2P Leak
News  |  6/3/2008  | 
Data loss at Walter Reed exposed personal information on 1,000 soldiers
At Gartner Summit, Experts Question Security's Future
News  |  6/2/2008  | 
Analysts, sci-fi authors challenge security pros to rethink the status quo


WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Are you sure this is how we get our data into the cloud?
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17437
PUBLISHED: 2018-09-24
Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVE-2018-17438
PUBLISHED: 2018-09-24
A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17439
PUBLISHED: 2018-09-24
An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.
CVE-2018-17432
PUBLISHED: 2018-09-24
A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.
CVE-2018-17433
PUBLISHED: 2018-09-24
A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.