Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Dark Reading Article Boards

Message Boards posted in November 2020
ISO 27701 Paves the Way for a Strategic Approach to Privacy
Last Message: 11/30/2020
 |  Comments: 1
Why Vulnerable Code Is Shipped Knowingly
Last Message: 11/30/2020
 |  Comments: 1
Researchers Say They've Developed Fastest Open Source IDS/IPS
Last Message: 11/30/2020
 |  Comments: 2
A 7-Step Cybersecurity Plan for Healthcare Organizations
Last Message: 11/30/2020
 |  Comments: 1
Look Beyond the 'Big 5' in Cyberattacks
Last Message: 11/27/2020
 |  Comments: 1
8 New and Hot Cybersecurity Certifications for 2020
Last Message: 11/25/2020
 |  Comments: 3
The $500,000 Cost of Not Detecting Good vs. Bad Bot Behavior
Last Message: 11/24/2020
 |  Comments: 1
10 Tips for More Secure Mobile Devices
Last Message: 11/23/2020
 |  Comments: 4
A Call for Change in Physical Security
Last Message: 11/21/2020
 |  Comments: 1
6 Cybersecurity Lessons From 2020
Last Message: 11/20/2020
 |  Comments: 1
How to Identify Cobalt Strike on Your Network
Last Message: 11/19/2020
 |  Comments: 2
Cryptocurrency Scams Replacing Ransomware as Attackers' Fave
Last Message: 11/18/2020
 |  Comments: 2
Physical Security Has a Lot of Catching Up to Do
Last Message: 11/17/2020
 |  Comments: 1
Breakdown of a Break-in: A Manufacturer's Ransomware Response
Last Message: 11/17/2020
 |  Comments: 1
5 Steps Every Company Should Take to Avoid Data Theft Risk
Last Message: 11/17/2020
 |  Comments: 1
6 Ways Passwords Fail Basic Security Tests
Last Message: 11/16/2020
 |  Comments: 2
Researchers Find 24 'Dangerous' Android Apps with 382M Installs
Last Message: 11/15/2020
 |  Comments: 1
How Hackers Blend Attack Methods to Bypass MFA
Last Message: 11/15/2020
 |  Comments: 1
Cartoon Contest: Second Wind
Last Message: 11/15/2020
 |  Comments: 12
Ransomware Trains Its Sights on Cloud Providers
Last Message: 11/13/2020
 |  Comments: 16
Insecure APIs a Growing Risk for Organizations
Last Message: 11/10/2020
 |  Comments: 1
The Oracle-Walmart-TikTok Deal Is Not Enough
Last Message: 11/9/2020
 |  Comments: 1
NSS Labs' Abrupt Shutdown Leaves Many Unanswered Questions
Last Message: 11/7/2020
 |  Comments: 1
Rising Ransomware Breaches Underscore Cybersecurity Failures
Last Message: 11/7/2020
 |  Comments: 2
APT Groups Get Innovative -- and More Dangerous -- in Q3
Last Message: 11/5/2020
 |  Comments: 1
How Healthcare Organizations Can Combat Ransomware
Last Message: 11/5/2020
 |  Comments: 1
Cartoon: Reverse Ransomware
Last Message: 11/4/2020
 |  Comments: 4
JavaScript Obfuscation Moves to Phishing Emails
Last Message: 11/2/2020
 |  Comments: 1
Cryptocurrency Theft Drives 3x Increase in Money Laundering
Last Message: 11/2/2020
 |  Comments: 2
Latest Security News from RSAC 2020
Last Message: 11/2/2020
 |  Comments: 4
Name That Toon: Castle in the Sky
Last Message: 11/1/2020
 |  Comments: 18


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Creating an Effective Incident Response Plan
Security teams are realizing their organizations will experience a cyber incident at some point. An effective incident response plan that takes into account their specific requirements and has been tested is critical. This issue of Tech Insights also includes: -a look at the newly signed cyber-incident law, -how organizations can apply behavioral psychology to incident response, -and an overview of the Open Cybersecurity Schema Framework.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-43705
PUBLISHED: 2022-11-27
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).
CVE-2022-45934
PUBLISHED: 2022-11-27
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-45931
PUBLISHED: 2022-11-27
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.
CVE-2022-45932
PUBLISHED: 2022-11-27
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.
CVE-2022-45933
PUBLISHED: 2022-11-27
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side proj...