Hot Topics

Editors' Choice

6

Higher Education: 15 Books to Help Cybersecurity Pros Be Better

Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018

3

'PowerSnitch' Hacks Androids via Power Banks

Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018

3

Worst Password Blunders of 2018 Hit Organizations East and West

Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018

'London Blue' BEC Cybercrime Gang Unmasked

Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/4/2018

4 Lessons Die Hard Teaches About Combating Cyber Villains

Keith Graham, Chief Technology Officer, SecureAuth,  12/6/2018

Kubernetes Vulnerability Hits Top of Severity Scale

Curtis Franklin Jr., Senior Editor at Dark Reading,  12/6/2018

Subscribe to Newsletters

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

Communications & Collaboration 2022 at EC19 Orlando March 18-21

How IT Security Teams Can Use Machine Learning to Improve Data Defense

Stopping Email-Borne Threats from Spreading like the Flu

Consistency is Key with Cloud Security

Webinar Archives

White Papers

Reducing the Human Attack Surface with Phishing Simulations

STIX/TAXII: What You Need to Know

NotPetya: One Year Later

Threatscape of the US Election from Anomali Labs

10 Best Practices That Could Reshape Your IT Security Department

More White Papers

Video

How Secure Are Our Voting Systems?

4 Comments

Don't Overestimate WebAssembly's Security

0 Comments

SirenJack: Cracking SF's Emergency System

2 Comments

DeepLocker Hides Targeted Attacks

1 Comments

Forensic Analysis of 'Worst Voting ...

0 Comments

The Uncertain Fate of WHOIS, & Other ...

2 Comments

Stopping Payment Card Fraud With Threat Intel

0 Comments

Malicious Cryptomining & Other Shifting ...

0 Comments

The Economics of AI-Enabled Security

0 Comments

Threat Deception for Insider Threat

0 Comments

Filtering the Threat Intel Tsunami

0 Comments

Ensuring Hardened, Secure Web Apps

0 Comments

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Look deep into my eyes.  You are getting sleepy, very sleepy......

Cartoon Archive

Current Issue

10 Best Practices That Could Reshape Your IT Security Department

This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Using IT Threat Intelligence

Large organizations are harnessing data about cyberattackers and their exploits to improve the safety of their critical data. Find out what they're doing.

Download Now!

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

Online Malware and Threats: A Profile of Today's Security Posture

0 comments

The Risk Management Struggle

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-20161
PUBLISHED: 2018-12-15

A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...

CVE-2018-20159
PUBLISHED: 2018-12-15

i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...

CVE-2018-20157
PUBLISHED: 2018-12-15

The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.

CVE-2018-20154
PUBLISHED: 2018-12-14

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.

CVE-2018-20155
PUBLISHED: 2018-12-14

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.