Starwood Breach Reaction Focuses on 4-Year Dwell

Hot Topics

Editors' Choice

3

97% of Americans Can't Ace a Basic Security Test

Steve Zurier, Contributing Writer, 5/20/2019

2

How a Manufacturing Firm Recovered from a Devastating Ransomware Attack

Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/20/2019

2

Why AI Will Create Far More Jobs Than It Replaces

John DiLullo, CEO, Lastline, 5/14/2019

Live Events

Webinars

WorkSpace Connect - Sept 9-11, Dallas - Register Now!

Prepare for the Future of WorkSpaces! Register Today!

Work Styles Are Evolving, Are Your IT Teams Ready?

More Informa Tech Live Events

White Papers

[Checklist] Vendor Risk Management Fundamentals

Building and Managing an IT Security Operations Program

6 Keys to Faster Phishing Mitigation

7 Ways to Get the Most from Your IDS/IPS

8 'SOC-as-a-Service' Offerings

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Talk about vendor lock in...

Cartoon Archive

Current Issue

Building and Managing an IT Security Operations Program

As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Developing Secure Applications

IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.

Download Now!

The State of Cyber Security Incident Response

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

How Enterprises Are Using IT Threat Intelligence

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-11816
PUBLISHED: 2019-05-20

Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.

CVE-2019-10076
PUBLISHED: 2019-05-20

A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.

CVE-2019-10077
PUBLISHED: 2019-05-20

A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.

CVE-2019-10078
PUBLISHED: 2019-05-20

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.

CVE-2019-12239
PUBLISHED: 2019-05-20

The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.