Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Dark Reading Article Boards

Message Boards posted in January 2014
Finding The Balance Between Compliance & Security
Last Message: 1/31/2014
 |  Comments: 10
Angry Birds Site Toppled After Surveillance Report
Last Message: 1/31/2014
 |  Comments: 7
Target Hackers Tapped Vendor Credentials
Last Message: 1/31/2014
 |  Comments: 7
The Scariest End-User Security Question: What Changed?
Last Message: 1/30/2014
 |  Comments: 11
Target Mocks, Not Helps, Its Data Breach Victims
Last Message: 1/29/2014
 |  Comments: 22
Michaels Stores Investigates Data Breach
Last Message: 1/29/2014
 |  Comments: 5
Cloud Gazing: 3 Security Trends To Watch
Last Message: 1/27/2014
 |  Comments: 9
How & Why Cloud Security Will Empower Users
Last Message: 1/27/2014
 |  Comments: 3
Future Shock: The Internet of Compromised Things
Last Message: 1/24/2014
 |  Comments: 16
Target Breach: 5 Unanswered Security Questions
Last Message: 1/24/2014
 |  Comments: 13
HIPAA, SOX & PCI: The Coming Compliance Crisis In IT Security
Last Message: 1/24/2014
 |  Comments: 11
China Blames Massive Internet Blackout On Hackers
Last Message: 1/24/2014
 |  Comments: 7
Google Chrome Allows Eavesdropping, Researcher Claims
Last Message: 1/23/2014
 |  Comments: 4
Politically Motivated Cyberattackers Adopt New Tactics
Last Message: 1/23/2014
 |  Comments: 1
Malware: More Hype Than Reality
Last Message: 1/22/2014
 |  Comments: 18
"Windows XP Security Apocalypse: Prepare To Be Pwned"
Last Message: 1/22/2014
 |  Comments: 10
"Q&A: FedRAMP Director Discusses Cloud Security Innovation"
Last Message: 1/21/2014
 |  Comments: 3
What Healthcare Can Teach Us About App Security
Last Message: 1/21/2014
 |  Comments: 5
Why I Pulled Out Of The RSA Conference
Last Message: 1/21/2014
 |  Comments: 11
"10 Cyber Threats Small Businesses Can't Ignore"
Last Message: 1/17/2014
 |  Comments: 2
6 Ways To Strengthen Web App Security
Last Message: 1/17/2014
 |  Comments: 1
Java 'Icefog' Malware Variant Infects US Businesses
Last Message: 1/16/2014
 |  Comments: 1
Target Breach: 8 Facts On Memory-Scraping Malware
Last Message: 1/16/2014
 |  Comments: 4
Cartoon: Forgot Password? Click Here
Last Message: 1/16/2014
 |  Comments: 1
Blackphone Promises To Block Snooping
Last Message: 1/15/2014
 |  Comments: 1
Feds Fail To Secure Mobile Devices
Last Message: 1/15/2014
 |  Comments: 2
9 Security Experts Boycott RSA Conference
Last Message: 1/15/2014
 |  Comments: 5
Neiman Marcus, Target Data Breaches: 8 Facts
Last Message: 1/15/2014
 |  Comments: 8
Target Breach Widens: 70 Million Warned
Last Message: 1/13/2014
 |  Comments: 6
NSA Fallout: Why Foreign Firms Wont Buy American Tech
Last Message: 1/13/2014
 |  Comments: 9
Mobility & Cloud: A Double Whammy For Securing Data
Last Message: 1/11/2014
 |  Comments: 4
Online Privacy: We Just Don't Care
Last Message: 1/11/2014
 |  Comments: 1
Beware PowerLocker Ransomware
Last Message: 1/9/2014
 |  Comments: 6
Yahoo Ads Hack Spreads Malware
Last Message: 1/8/2014
 |  Comments: 8
Snapchat Breach: What's Next
Last Message: 1/7/2014
 |  Comments: 6
OpenSSL Says Breach Did Not Involve Corrupted Hypervisor
Last Message: 1/7/2014
 |  Comments: 3
How Cloud Security Drives Business Agility
Last Message: 1/7/2014
 |  Comments: 5
Physical & Network Security: Better Together In 2014
Last Message: 1/7/2014
 |  Comments: 11
Name That Toon: Contest Winners Named
Last Message: 1/6/2014
 |  Comments: 4
2013: The Year Of Security Certification Bashing
Last Message: 1/6/2014
 |  Comments: 16
9 Notorious Hackers Of 2013
Last Message: 1/6/2014
 |  Comments: 8
RSA Denies Trading Security For NSA Payout
Last Message: 1/4/2014
 |  Comments: 13
7 Reasons Why Bitcoin Attacks Will Continue
Last Message: 1/3/2014
 |  Comments: 7
Bitcoin Thefts Surge, DDoS Hackers Take Millions
Last Message: 1/3/2014
 |  Comments: 23
Security, Privacy & The Democratization Of Data
Last Message: 1/3/2014
 |  Comments: 11
The Coolest Hacks Of 2013
Last Message: 1/2/2014
 |  Comments: 3
The Fuzzy Future Of Identity Management
Last Message: 1/2/2014
 |  Comments: 2


COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/4/2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing Writer,  5/29/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13768
PUBLISHED: 2020-06-04
In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued.
CVE-2020-13849
PUBLISHED: 2020-06-04
The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe.
CVE-2020-13848
PUBLISHED: 2020-06-04
Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
CVE-2020-11682
PUBLISHED: 2020-06-04
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the request ...
CVE-2020-12847
PUBLISHED: 2020-06-04
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console� that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the applicat...