Cartoon Contest
Latest Content
Cartoon: Spring Fever
Cartoon Contest  |  5/7/2015  | 
Cartoon: Infosec Multitasking
Cartoon Contest  |  3/27/2015  | 
Cartoon: End-User Ed
Cartoon Contest  |  1/20/2015  | 
Cartoon: The Insider Threat
Cartoon Contest  |  11/26/2014  | 
Cartoon: BYOD Meets Internet of Things
Cartoon Contest  |  10/21/2014  | 
Cartoon: End-User Security Prayer
Cartoon Contest  |  9/30/2014  | 
Cartoon: Old-School Biometrics
Cartoon Contest  |  8/28/2014  | 
Cartoon: Cloud (In)security
Cartoon Contest  |  8/5/2014  | 
Cartoon: Cloud Conundrum
Cartoon Contest  |  7/2/2014  | 
Cartoon: What Your Toaster Now Needs
Cartoon Contest  |  5/27/2014  | 
Cartoon: E2c$y5tion
Cartoon Contest  |  4/18/2014  | 
Strong Passwords
Cartoon Contest  |  3/26/2014  | 


Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0121
Published: 2015-05-30
IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token ...

CVE-2015-0191
Published: 2015-05-30
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0191. Reason: This candidate is a duplicate of CVE-2014-0191. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-0191 instead of this candidate. All references and descriptions in this candid...

CVE-2015-0193
Published: 2015-05-30
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

CVE-2015-0733
Published: 2015-05-30
CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID ...

CVE-2015-0743
Published: 2015-05-30
Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097.

Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you’ll never have complete information and you’ll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?