News & Commentary

Content tagged with Compliance posted in August 2006
App Proxies: No Reviving the Dream
News  |  8/31/2006  | 
Application proxies stir up fond memories of more enterprise control, but chances of resurgence are slim
Wireless Piggybackers Put on Notice
News  |  8/30/2006  | 
New California law encourages users to lock up WLANs, setting the stage for criminal action against hackers and piggybackers
Study: Rethink the Outsider Threat
News  |  8/28/2006  | 
DOJ data turns conventional wisdom on its head: Biggest enterprise threat is more than likely external
Holes Remain in SSL VPNs
News  |  8/25/2006  | 
SSL VPN products have gotten more secure in the past year, but the technology still isn't safe when users log on via third-party machines
Flaws Reported in Bank of America System
News  |  8/18/2006  | 
Sestus, rival to vendor of Bank of America's SiteKey authentication system, reports vulnerabilities in the Sitekey technology
'Analog Hackers' Overlooked, Undetected
News  |  8/17/2006  | 
Many enterprises secure electronic access points but fail to see their own front doors as vulnerable
Researchers Break Into Bank
News  |  8/10/2006  | 
Cardiff University researchers have discovered how to access online accounts of HSBC banking customers
Eliminating the Laptop Threat
News  |  8/10/2006  | 
Here's a real different take on dual-factor authentication
The Portable Puzzle
News  |  8/10/2006  | 
Solutions for managing security of mobile systems and portable storage devices still elude many enterprises
No Wires & No Policies
News  |  8/2/2006  | 
Despite the convenience of wireless and portable devices, most security policies still don't embrace them, according to a new Dark Reading survey
Social Networking Gone Bad
News  |  8/2/2006  | 
Worms and adware attacks are just a taste of what social networking sites could face as they evolve and attackers get more focused


'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-7682
PUBLISHED: 2018-06-22
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
CVE-2018-12689
PUBLISHED: 2018-06-22
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
CVE-2018-12538
PUBLISHED: 2018-06-22
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage...
CVE-2018-12684
PUBLISHED: 2018-06-22
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.
CVE-2018-12687
PUBLISHED: 2018-06-22
tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.