Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Compliance posted in June 2013
Researcher To Demo Spy-Phone At Black Hat
News  |  6/26/2013  | 
Using the ability to inject malicious code into applications on Android devices, a researcher will demonstrate at Black Hat how to create the infrastructure to spy on mobile users
Ignoring Compliance Is A Real Option
Commentary  |  6/25/2013  | 
Security and compliance are commonly deferred by choice
Duking It Out Over Endpoint Admin Rights
News  |  6/25/2013  | 
Endpoint rights policies should mean something for elite users, too
Cloud Can Simplify Vulnerability Management For SMBs
News  |  6/21/2013  | 
Lacking security skills, most small and midsize businesses need help in locking down their information technology, including cataloging and triaging vulnerabilities
CSI: Atlanta? No, It's Phone Fingerprinting
Quick Hits  |  6/20/2013  | 
Pindrop Security collects $11M in funding to build out next-gen solution for preventing phone fraud
Survey: Customers Expect To Be Asked, Compensated For Use Of Personal Data
Quick Hits  |  6/19/2013  | 
Consumers recognize value of personal info, expect "identity etiquette," survey says
12 Endpoint Security Myths Dispelled
News  |  6/11/2013  | 
Mistaken beliefs that hold back endpoint protection
Can't Fix What You Hide
Commentary  |  6/3/2013  | 
Willful ignorance may be bliss, but rarely is it compliant


A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4031
PUBLISHED: 2019-10-16
IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. IBM X-Force ID: 155997.
CVE-2019-17626
PUBLISHED: 2019-10-16
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
CVE-2019-17627
PUBLISHED: 2019-10-16
The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the authentication key via simple computations on the hex digits of a valid authentication request. This a...
CVE-2019-17625
PUBLISHED: 2019-10-16
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such...
CVE-2019-17624
PUBLISHED: 2019-10-16
In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact.