News & Commentary

Content tagged with Compliance posted in September 2006
Six Hot Security Products
News  |  9/26/2006  | 
All security products are hot these days, but here are six that could fry an egg - or maybe a hacker
Mozilla Patches RSA Crypto Flaw
News  |  9/15/2006  | 
Mozilla is the first big-name developer to go public with vulnerabilities to the recent flaw in RSA crypto implementations
Banks Launch Authentication Project
News  |  9/14/2006  | 
The Financial Services Technology Consortium builds testbed for authenticating bank Websites and emails
Putting Security in the Bank
News  |  9/13/2006  | 
Under regulatory and threat pressures, financial institutions look for ways to fund, and market, security
S1 Intros Authentication
News  |  9/12/2006  | 
S1 announced that financial institutions using its IBS solutions are among the first to successfully roll out enhanced authentication
Crypto Flaw Prone to Spoofing
News  |  9/11/2006  | 
Newly discovered flaw in OpenSSL leaves some RSA cryptography implementations vulnerable
Dual Authentication Tapped in Phish Fight
News  |  9/5/2006  | 
CMU anti-phishing prototype keeps users from giving away the store, but the catch is everyone has to deploy and use it


Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20168
PUBLISHED: 2018-12-17
Google gVisor before 2018-08-22 reuses a pagetable in a different level with the paging-structure cache intact, which allows attackers to cause a denial of service ("physical address not valid" panic) via a crafted application.
CVE-2018-20167
PUBLISHED: 2018-12-17
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME typ...
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.