Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Compliance posted in August 2006
App Proxies: No Reviving the Dream
News  |  8/31/2006  | 
Application proxies stir up fond memories of more enterprise control, but chances of resurgence are slim
Wireless Piggybackers Put on Notice
News  |  8/30/2006  | 
New California law encourages users to lock up WLANs, setting the stage for criminal action against hackers and piggybackers
Study: Rethink the Outsider Threat
News  |  8/28/2006  | 
DOJ data turns conventional wisdom on its head: Biggest enterprise threat is more than likely external
Holes Remain in SSL VPNs
News  |  8/25/2006  | 
SSL VPN products have gotten more secure in the past year, but the technology still isn't safe when users log on via third-party machines
Flaws Reported in Bank of America System
News  |  8/18/2006  | 
Sestus, rival to vendor of Bank of America's SiteKey authentication system, reports vulnerabilities in the Sitekey technology
'Analog Hackers' Overlooked, Undetected
News  |  8/17/2006  | 
Many enterprises secure electronic access points but fail to see their own front doors as vulnerable
Researchers Break Into Bank
News  |  8/10/2006  | 
Cardiff University researchers have discovered how to access online accounts of HSBC banking customers
Eliminating the Laptop Threat
News  |  8/10/2006  | 
Here's a real different take on dual-factor authentication
The Portable Puzzle
News  |  8/10/2006  | 
Solutions for managing security of mobile systems and portable storage devices still elude many enterprises
No Wires & No Policies
News  |  8/2/2006  | 
Despite the convenience of wireless and portable devices, most security policies still don't embrace them, according to a new Dark Reading survey
Social Networking Gone Bad
News  |  8/2/2006  | 
Worms and adware attacks are just a taste of what social networking sites could face as they evolve and attackers get more focused


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-43668
PUBLISHED: 2022-12-07
Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product.
CVE-2022-44606
PUBLISHED: 2022-12-07
OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
CVE-2022-44608
PUBLISHED: 2022-12-07
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition.
CVE-2022-44620
PUBLISHED: 2022-12-07
Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
CVE-2022-45113
PUBLISHED: 2022-12-07
Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/ver...