Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Compliance posted in August 2008
Feds Shift Gears & Mandate DNSSEC for All Agencies
Quick Hits  |  8/28/2008  | 
US government takes a harder line on securing DNS infrastructure, but DNSSEC still hotly debated
Microsoft Offers Details on Privacy Features in IE8
News  |  8/27/2008  | 
New browser will allow user to better control access to surfing history, cookies
Hack Lets Researchers Silently Eavesdrop on IP Networks
Quick Hits  |  8/27/2008  | 
New twist on an old BGP routing vulnerability could change the face of data theft, researchers say
The Seven Deadliest Social Networking Hacks
News  |  8/26/2008  | 
Think you know who your real online friends are? You could be just a few hops away from a cybercriminal in today's social networks
User Buys Millions of Bank Records (& a PC) on eBay
Quick Hits  |  8/26/2008  | 
Used computer reveals sensitive customer data that should have been wiped clean, eBay buyer says
Best Western Denies Report of Massive Data Breach
News  |  8/25/2008  | 
Scottish newspaper says flaw exposed personal records of 8M hotel chain customers since 2007; Best Western says report is 'grossly unsubstantiated'
Life Insurer Takes New Approach to Two-Factor Authentication
News  |  8/22/2008  | 
Cryptocard technology helps Kansas City Life get the handle on a thorny access problem
ID Theft Ringleader Gets Three Days in Jail
Quick Hits  |  8/22/2008  | 
Man convicted of leading Canada's largest identity theft conspiracy is virtually sentenced to time served
Princeton Review Exposes Data on More Than 100,000 Students
News  |  8/19/2008  | 
Website configuration error left data accessible for seven weeks
Attacks Continue on Retail Stores, Restaurants
News  |  8/18/2008  | 
Criminals exploit wireless vulnerabilities, social engineering to collect large volumes of customer data
Spear Phishing Attack Unleashes 1.5M Spam Messages
Quick Hits  |  8/18/2008  | 
New Zealand university is exploited after convincing ruse fools four staffers
'Surf Jacking' Threatens Secure Browser Sessions
Quick Hits  |  8/14/2008  | 
Researcher launches proof of concept to show vulnerability in HTTPS
Stolen Wells Fargo Access Codes Threaten 7,000
Quick Hits  |  8/13/2008  | 
Thieves may have used credit reporting system to steal personal data
LinkedIn Hack Demonstrates Ease of Impersonation
Quick Hits  |  8/12/2008  | 
Researchers channel Marcus Ranum on popular social network, duping security icon's friends, family, and colleagues
Researchers: There's Gold in Them Thar Hacks
News  |  8/8/2008  | 
Black Hat presentation shows some simple methods hackers have used to get rich or die trying
'Bringing Sexy Back' to Hacking
News  |  8/7/2008  | 
DefCon session will feature iPhones running WiFi scans and sophisticated spear-phishing tricks
Kaminsky: DNS Vulnerability Will Affect Email, Internal Systems, Too
News  |  8/6/2008  | 
If you think the now-infamous flaw is limited to browsers and the Web, think again, pioneer researcher says
Malicious Botnet Stole Bank, Credit Union Credentials
News  |  8/6/2008  | 
New report says the 50 GB of data stolen were only one fourth of the data harvested
Feds Arrest Hackers of TJX, Other Retailers in Huge Conspiracy Bust
News  |  8/5/2008  | 
Eleven perpetrators held responsible for online theft and sale of more than 40 million credit and debit cards


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...