News & Commentary

Content tagged with Compliance posted in September 2011
Outdated Browsers Leave Many Enterprises Vulnerable To Attack
News  |  9/27/2011  | 
Despite efforts to get users to update browsers, the search for better security only begins with a patch
QSAs Share What Drives Improved PCI Practices
News  |  9/26/2011  | 
As organizations shift attitudes and overcome misconceptions, PCI compliance and security improve
New FFIEC Authentication Guidance Calls For Layers
Commentary  |  9/24/2011  | 
Increased threats and weaknesses in certain accepted authentication mechanisms, FFIEC warns
Trusted Computing: Still Waiting For The Big Dance
News  |  9/20/2011  | 
Technology now built into more than 500 million PCs, but most enterprises still don't use it
(ISC)2 Launches New Foundation For Security Education
Quick Hits  |  9/19/2011  | 
Charitable initiative will offer user education, youth programs
Getting Started With Cloud Compliance
News  |  9/12/2011  | 
All of the same compliance rules still apply in the cloud
The Criticality Of Risk Assessments: FISMA, HIPAA, And Other Regs
Commentary  |  9/4/2011  | 
Risk assessments are a critical part of regulatory compliance, but many organizations don't implement them well
NortonLive Ultimate Help Desk Now Supports Small Business Owners
News  |  9/1/2011  | 
NortonLive Ultimate Help Desk offers Small Business Plan with unlimited support for a broad range of computer and digital devices


Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12557
PUBLISHED: 2018-06-19
An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could ...
CVE-2018-12559
PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequ...
CVE-2018-12560
PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.
CVE-2018-12561
PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL.
CVE-2018-12562
PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string).