News & Commentary

Content tagged with Compliance posted in September 2006
Six Hot Security Products
News  |  9/26/2006  | 
All security products are hot these days, but here are six that could fry an egg - or maybe a hacker
Mozilla Patches RSA Crypto Flaw
News  |  9/15/2006  | 
Mozilla is the first big-name developer to go public with vulnerabilities to the recent flaw in RSA crypto implementations
Banks Launch Authentication Project
News  |  9/14/2006  | 
The Financial Services Technology Consortium builds testbed for authenticating bank Websites and emails
Putting Security in the Bank
News  |  9/13/2006  | 
Under regulatory and threat pressures, financial institutions look for ways to fund, and market, security
S1 Intros Authentication
News  |  9/12/2006  | 
S1 announced that financial institutions using its IBS solutions are among the first to successfully roll out enhanced authentication
Crypto Flaw Prone to Spoofing
News  |  9/11/2006  | 
Newly discovered flaw in OpenSSL leaves some RSA cryptography implementations vulnerable
Dual Authentication Tapped in Phish Fight
News  |  9/5/2006  | 
CMU anti-phishing prototype keeps users from giving away the store, but the catch is everyone has to deploy and use it


Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2018
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12294
PUBLISHED: 2018-06-19
WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.
CVE-2018-12519
PUBLISHED: 2018-06-19
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials.
CVE-2018-12588
PUBLISHED: 2018-06-19
Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-1 before 3.1.1-2 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the S...
CVE-2018-10811
PUBLISHED: 2018-06-19
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
CVE-2018-10945
PUBLISHED: 2018-06-19
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.