News & Commentary

Content tagged with Compliance posted in September 2007
Startup Wins License for Secure Biometrics Token
News  |  9/27/2007  | 
Technology promises to protect privacy of user whose biometric data is stolen or copied
Many Retailers Will Not Make PCI Compliance Deadline
News  |  9/26/2007  | 
Problems with applications, access management leave credit card processors facing fines - and vulnerabilities
Canadian Government Sheds Light On TJX Breach
News  |  9/25/2007  | 
Attack was conducted via wireless links at two Miami Marshall's stores, investigation reveals
Quantum Research Could Threaten Encryption Schemes
News  |  9/13/2007  | 
New quantum computers implement algorithm capable of cracking most current encryption codes
Email Encryption Gets Easier
News  |  9/13/2007  | 
But are these new methods enough to convince enterprises to secure their messages with in-house systems - or that they even need to?
'Virtual' Vulnerabilities About to Become Reality
News  |  9/11/2007  | 
Virtualization bugs may be rare, but they are only the tip of the iceberg
Hacking the White House
News  |  9/10/2007  | 
War walk around the President's house exposes some interesting vulnerabilities outside the fence, but solid defenses inside
Citrix's Security Play
News  |  9/7/2007  | 
With acquisition of XenSource, Citrix puts itself at forefront of data center virtualization - and security


WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17317
PUBLISHED: 2018-09-21
FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /ww...
CVE-2018-17320
PUBLISHED: 2018-09-21
An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.
CVE-2018-17141
PUBLISHED: 2018-09-21
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.
CVE-2018-17173
PUBLISHED: 2018-09-21
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
CVE-2018-17174
PUBLISHED: 2018-09-21
A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker to trigger denial of service (even arbitrary code execution in a certain context) in a product using this library via malformed data.