Event Updates

Content tagged with Black Hat posted in May 2014
Register This Week to Save on Black Hat USA
Event Updates | 5/28/2014
Black Hat USA is 10 weeks away. Early Registration Pricing ends Monday, June 2, at 11:59 p.m. ET.
Black Hat USA 2014: Focus on Reverse Engineering
Event Updates | 5/28/2014
Reverse engineering, the somewhat arcane art that helps illuminate the inner workings of proprietary systems, obfuscated or otherwise, is always a big theme at Black Hat conferences. This year, we have an impressive slate of reverse engineering-related programming.
Black Hat USA 2014: Focus on Mobile
Event Updates | 5/21/2014
So far, all our intel updates have focused on the many exciting training opportunities that'll be on offer at Black Hat USA 2014. But now that we've revealed the upcoming slate of Black Hat briefing sessions, we'd like to highlight the best of the best briefings, too. Today we'll start with a focus on mobile -- let's dive in.
Black Hat USA 2014: Something in the Air
Event Updates | 5/20/2014
Today's quartet of Black Hat 2014 Training highlights delve into the wide world of wireless hacking.
Black Hat USA 2014 Briefings Announcement
Event Updates | 5/15/2014
The Black Hat Review Board has been hard at work evaluating the hundreds of submissions we've received this year, and we're very excited to announce the posting of the first batch of Briefings selected for Black Hat USA 2014.
Black Hat USA 2014: Mobile PenTesting
Event Updates | 5/13/2014
The computers we carry in our pockets are as powerful as desktop PCs of only a few years ago, and we trust them with more and more critical information. But mobile devices have a plethora of their own security issues that threaten to disrupt this pocket-based computing utopia, which is where mobile penetration testing comes in.
Black Hat USA 2014: Understanding Malware
Event Updates | 5/6/2014
Understanding and combating malware is at the heart of much of today's infosec work, and today's trio of Black Hat USA 2014 Training highlights approach the topic from a couple of different angles.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32794
PUBLISHED: 2021-07-26
ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code `POST /Api/ASF` ASF API endpoint responsible for updating global ASF config incorrectly removed `IPCPassword` from the resulting config when the caller did no...
CVE-2021-36563
PUBLISHED: 2021-07-26
The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts), the XSS pay...
CVE-2021-37392
PUBLISHED: 2021-07-26
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API functions are enabled, the attacker can use API to update user nickname with XSS payload and achieve stored XSS. Users who view the articles published by the injected use...
CVE-2021-37393
PUBLISHED: 2021-07-26
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user...
CVE-2021-37394
PUBLISHED: 2021-07-26
In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration.