News & Commentary

Content tagged with Compliance posted in July 2008
Startup Promises More Accurate Fraud Detection
News  |  7/31/2008  | 
Guardian Analytics's new 'fraud modeling' technology recognizes activity that goes outside user norm
Survey Highlights Telecommuter Troubles
Quick Hits  |  7/31/2008  | 
Telecommuting security, privacy risks often put on the back burner, according to a new survey by Ernst & Young
The Real Dirt on Whitelisting
News  |  7/30/2008  | 
The choice for blacklisting versus whitelisting isn't really black and white
Ad Agency Keeps the Word From Spreading
News  |  7/25/2008  | 
Access control technology helps Arnold Worldwide protect client data, meet compliance requirements
Details, Exploits of Web-Wide DNS Vulnerability Revealed
News  |  7/24/2008  | 
Kaminsky outlines flaw, says 'we're in serious trouble'; exploit code posted on Metasploit
Researchers Raise Alarm Over New Iteration of Coreflood Botnet
News  |  7/23/2008  | 
Password-stealing Trojan is spreading like a worm - and targeted directly at the enterprise
SF Net Hijacker Gives Up Passwords
Quick Hits  |  7/18/2008  | 
Former IT administrator says he's ready to give the keys back to the city
Report: Outsider Attacks Down, Insider Attacks Up
Quick Hits  |  7/16/2008  | 
Annual CA security report indicates fundamental shift in the nature of enterprise threats
Vulnerabilities Could Expose Broad Range of Java Apps
News  |  7/16/2008  | 
Newly discovered flaws in open-source framework could allow attackers to alter data or hijack Web applications
Europe Grants First Privacy Certification
News  |  7/14/2008  | 
EuroPriSe seal tells Web surfers that sites won't break rules regarding the use and storage of personal data or online behavior
Academic Portal Platform Fails Penetration Test
News  |  7/14/2008  | 
Researchers find vulnerabilities in popular open-source Moodle software that can lead to stolen tests, altered grades, or complete site takeover
UK Local Governments Selling Voters' Personal Data
Quick Hits  |  7/14/2008  | 
Little-known legal provision allows local governments to sell voter names and addresses for as little as $10 per 1,000
National 'Do Not Call' Registry Is Working, FTC Says
News  |  7/10/2008  | 
Commission pats itself on the back, but marketers and consumers are still holding the phone
Congress Opens Debate on Behavioral Advertising
News  |  7/9/2008  | 
Businesses say tracking users' online behavior is a benefit; privacy advocates say it's a threat
FasTrak Toll Hacked, Exposing Privacy Dangers
News  |  7/9/2008  | 
Researcher finds electronic toll tag vulnerabilities in Black Hat 'Highway to Hell' research
Privacy-Conscious Consumers Fight Back
Quick Hits  |  7/3/2008  | 
Many consumers are now resisting companies' requests for personal information, Canadian study says
Laptop Losses Total 12,000 Per Week at US Airports
News  |  7/2/2008  | 
Nearly 70% are never recovered; many go unreported
Citibank PIN Hack: Deja Vu
Quick Hits  |  7/2/2008  | 
Hack keeps coming back to haunt banking giant
PCI Standards Expanded to Include Unattended Devices
News  |  7/1/2008  | 
New specs respond to emerging threats posed at kiosks, ATM devices


Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-5236
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events.
CVE-2018-5237
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
CVE-2018-6211
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.
CVE-2018-6212
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect proc...
CVE-2018-6213
PUBLISHED: 2018-06-20
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.