Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security

Careers and People

Identity & Access Management

Security Monitoring

Advanced Threats

Insider Threats

Vulnerability Management

To InformationWeek

Network Computing Dark Reading

Advertise

DRTV

View Content By Month

Cybercriminals' Superior Business Savvy Keeps Them Ahead

Cybercriminals' Superior Business Savvy Keeps Them Ahead

Dark Reading Videos | 9/30/2016 |

Rick Holland of Digital Shadows explains how the attackers' superior business agility, faster change management, specialized job force, lower barriers to entry and bulletproof hosting keeps them ahead of the good guys.

Improving Security Savvy Of Execs And Board Room

Improving Security Savvy Of Execs And Board Room

Dark Reading Videos | 9/28/2016 |

Jeff Welgan describes how best to improve cybersecurity literacy throughout the C-suite.

An Open-Source Security Maturity Model

An Open-Source Security Maturity Model

Dark Reading Videos | 9/23/2016 |

Oh you don't run open-source code? Really? Christine Gadsby and Jake Kouns explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications, proprietary and otherwise.

D-FENSE! Using Research To Craft Effective Cyber Defenses

D-FENSE! Using Research To Craft Effective Cyber Defenses

Dark Reading Videos | 9/23/2016 |

A pair of experts from Imperva stops by the Dark Reading News Desk to chat.

How Windows 10 Stops Script-Based Attacks On The Fly

How Windows 10 Stops Script-Based Attacks On The Fly

Dark Reading Videos | 9/21/2016 |

Move over Apple 'Walled Garden.' Windows 10's new antimalware scan interface halts scripts by signing code on the fly... but does it work? Security researcher Nikhil Mittal takes a look.

How You Can Support InfoSec Diversity, Starting With The Colleagues You Already Have

How You Can Support InfoSec Diversity, Starting With The Colleagues You Already Have

Dark Reading Videos | 9/20/2016 |

Jamesha Fisher, Security Operations Engineer of GitHub, visits the Dark Reading News Desk at Black Hat to discuss her work making security more accessible to the uninitiated, and how a predominately white and male information security field can better support women and people of color.

Rise Of Machine Learning: Advancing Security With ML

Rise Of Machine Learning: Advancing Security With ML

Dark Reading Videos | 9/20/2016 |

Hal Lonas of Webroot drops by the Dark Reading News Desk at Black Hat.

The Future Of AI-Based Cybersecurity: It's Here Now

The Future Of AI-Based Cybersecurity: It's Here Now

Dark Reading Videos | 9/19/2016 |

Stuart McClure, president and CEO of Cylance, stops by the Dark Reading News Desk at Black Hat.

Stop Blaming Users. Make Security User-Friendly.

Stop Blaming Users. Make Security User-Friendly.

Dark Reading Videos | 9/15/2016 |

Jelle Niemantsverdriet of Deloitte explains how security improves if security tools and error messages educate users and 'put a smile on someone's face.'

Making The Dark Web Less Scary

Making The Dark Web Less Scary

Dark Reading Videos | 9/14/2016 |

Lance James, chief scientist at Flashpoint, stops by the Dark Reading News Desk to share his thoughts about the Dark Web.

Keep It Simple: Security For A Complex Enterprise

Keep It Simple: Security For A Complex Enterprise

Dark Reading Videos | 9/14/2016 |

Michelle Cobb of Skybox Security talks to Dark Reading about security management.

Taking Down Impersonators: Methods For Combating Email Fraud

Taking Down Impersonators: Methods For Combating Email Fraud

Dark Reading Videos | 9/14/2016 |

Bob Adams, cybersecurity strategist at Mimecast, stops by the Black Hat News Desk.

Wisdom From A Thought Leader: AppSec Best Practices

Wisdom From A Thought Leader: AppSec Best Practices

Dark Reading Videos | 9/14/2016 |

The Black Hat News Desk chats with Jeff Williams, CTO at Contrast Security.

Don't Trust That Trust Mechanism: Vulnerabilities In Digital Certificates

Don't Trust That Trust Mechanism: Vulnerabilities In Digital Certificates

Dark Reading Videos | 9/14/2016 |

Tom Nipravsky, security researcher at Deep Instinct, explains how to tell the difference between a digital certificate that's worth your trust and one that isn't.

Yes, Your Database Can Be Breached Through A Coffee Pot

Yes, Your Database Can Be Breached Through A Coffee Pot

Dark Reading Videos | 9/13/2016 |

Aditya Gupta, CEO of Attify, talks about how to improve Internet of Things security and the very worst scenarios he's encountered in an IoT penetration test.

Dan Kaminsky On How Not To Lose The Internet As We Know It

Dan Kaminsky On How Not To Lose The Internet As We Know It

Dark Reading Videos | 9/12/2016 |

Dan Kaminsky discusses how to improve the security and privacy of the Internet without destroying the openness and freedom to innovate that it has always provided.

Look The Other Way: DDoS Attacks As Diversions

Look The Other Way: DDoS Attacks As Diversions

Dark Reading Videos | 9/7/2016 |

Black Hat News Desk talks to Joe Loveless of Neustar.

Bad Boys, Whatcha Gonna Do When They Come For You?

Bad Boys, Whatcha Gonna Do When They Come For You?

Dark Reading Videos | 9/7/2016 |

A Black Hat News Desk discussion with Shehzad Merchant of Gigamon.

Get Smarter About Threat Intelligence

Get Smarter About Threat Intelligence

Dark Reading Videos | 9/7/2016 |

A conversation with Anomali CEO Hugh Njemanze.

View Content by Month

Editors' Choice

Edge-DRsplash-10-edge-articles

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Black Hat USA - August 5-10 - Learn More

Black Hat Asia - May 9-12 - Learn More

More Informa Tech Live Events

White Papers

The Relationship Between Security Maturity and Business Enablement

Causes and Consequences of IT and OT Convergence

IT/OT Convergence Enables Security Operations Synergies

Cloud Journey Migration Stage: Adaptive Cloud Security

Cloud Incident Response Datasheet

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

The 10 Most Impactful Types of Vulnerabilities for Enterprises Today

Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.

Download This Issue!

Back Issues | Must Reads

Flash Poll

Incident Readiness and Building Response Playbook

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Battle for the Endpoint

How Enterprises are Developing Secure Applications

Assessing Cybersecurity Risk in Today's Enterprises

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Dark Reading - Bug Report

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2023-1142
PUBLISHED: 2023-03-27

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.

CVE-2023-1143
PUBLISHED: 2023-03-27

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.

CVE-2023-1144
PUBLISHED: 2023-03-27

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.

CVE-2023-1145
PUBLISHED: 2023-03-27

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.

CVE-2023-1655
PUBLISHED: 2023-03-27

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]