Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Compliance posted in August 2019
SafeGuard Cyber Adds Security, Compliance Capabilities for WeChat
Quick Hits  |  8/22/2019  | 
A lack of visibility into the app could expose business users to compliance risks and security threats, the company says.
'Phoning Home': Your Latest Data Exfiltration Headache
Commentary  |  8/21/2019  | 
Companies phone enterprise customer data home securely and for a variety of perfectly legitimate and useful reasons. The problems stem from insufficient disclosure.
Security Pros, Congress Reps Talk National Cybersecurity at DEF CON
News  |  8/12/2019  | 
Cybersecurity and government leaders discussed why Congress is unprepared for a major cyberattack and how the two parties can collaborate.
It's (Still) the Password, Stupid!
Commentary  |  8/9/2019  | 
The best way to protect your identity in cyberspace is the simplest: Use a variety of strong passwords, and never, ever, use "123456" no matter how easy it is to type.
Yes, FaceApp Really Could Be Sending Your Data to Russia
Commentary  |  8/8/2019  | 
FaceApp has an unprecedented level of access to data from 150 million users. What could its endgame be? We unpack three potential risks.
Cisco Pays $8.6M in First False Claims Suit for Vulnerabilities in Security Product
News  |  8/1/2019  | 
A security consultant reported vulnerabilities in Cisco's Video Surveillance Manager in 2009 — but the company ignored the issues and fired the consultant.


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Leave it to me, that's what BOTs are for.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd