Slideshows

Content posted in November 2017
8 Low or No-Cost Sources of Threat Intelligence
Slideshows  |  11/27/2017  | 
Heres a list of sites that for little or no cost give you plenty of ideas for where to find first-rate threat intelligence.
6 Real Black Friday Phishing Lures
Slideshows  |  11/21/2017  | 
As the mega-shopping day approaches, here's a look at six examples of phishing attacks - and ways to avoid taking the bait.
Insider Threats: Red Flags and Best Practices
Slideshows  |  11/15/2017  | 
Security pros list red flags indicating an insider attack and best practices to protect against accidental and malicious exposure.
Emerging IT Security Technologies: 13 Categories, 26 Vendors
Slideshows  |  11/13/2017  | 
A rundown of some of the hottest security product areas, and vendors helping to shape them.
6 Steps for Sharing Threat Intelligence
Slideshows  |  11/10/2017  | 
Industry experts offer specific reasons to share threat information, why it's important - and how to get started.
Inhospitable: Hospitality & Dinings Worst Breaches in 2017
Slideshows  |  11/8/2017  | 
Hotels and restaurants are in the criminal crosshairs this year.
8 Older Companies Doing New Things in Security
Slideshows  |  11/6/2017  | 
These organizations have been around for a while but aren't slowing down on security releases.
10 Mistakes End Users Make That Drive Security Managers Crazy
Slideshows  |  11/2/2017  | 
Here's a list of common, inadvertent missteps end users make that can expose company data.


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-1732
PUBLISHED: 2018-08-17
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sen...
CVE-2018-15356
PUBLISHED: 2018-08-17
An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0.
CVE-2018-15357
PUBLISHED: 2018-08-17
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0.
CVE-2018-15358
PUBLISHED: 2018-08-17
An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
CVE-2018-15359
PUBLISHED: 2018-08-17
An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0.