Hot Topics

Editors' Choice

2

Understanding Evil Twin AP Attacks and How to Prevent Them

Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018

2

Veterans Find New Roles in Enterprise Cybersecurity

Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018

1

2018 on Track to Be One of the Worst Ever for Data Breaches

Jai Vijayan, Freelance writer,  11/12/2018

RIP, 'IT Security'

Kevin Kurzawa, Senior Information Security Auditor,  11/13/2018

Security Teams Struggle with Container Security Strategy

Ericka Chickowski, Contributing Writer, Dark Reading,  11/14/2018

Cryptojacking, Mobile Malware Growing Threats to the Enterprise

Curtis Franklin Jr., Senior Editor at Dark Reading,  11/14/2018

Subscribe to Newsletters

Live Events

Webinars

More UBM Tech
Live Events

Enterprise Connect 2019 - Build Your Comms & Collaboration Future

Communications & Collaboration 2022 at EC19 Orlando March 18-21

Developing a Customized Defense Against Targeted Attacks

The Insider Threat: Real Defense for Real Businesses

New Security Strategies for the Cloud Services Environment

Webinar Archives

White Papers

4 Support Teams That Embraced Mobile

Mitigating False-Positives to Improve Software Publishing

If It Ain't Broke, Don't Fix It: Cofense Malware Review Q2-Q3 2018

Cybersecurity Profile: USA

Design Secure Software from the First Line of Code

More White Papers

Video

How Secure Are Our Voting Systems?

3 Comments

Don't Overestimate WebAssembly's Security

0 Comments

SirenJack: Cracking SF's Emergency System

2 Comments

DeepLocker Hides Targeted Attacks

1 Comments

Forensic Analysis of 'Worst Voting ...

0 Comments

The Uncertain Fate of WHOIS, & Other ...

1 Comments

Stopping Payment Card Fraud With Threat Intel

0 Comments

Malicious Cryptomining & Other Shifting ...

0 Comments

The Economics of AI-Enabled Security

0 Comments

Threat Deception for Insider Threat

0 Comments

Filtering the Threat Intel Tsunami

0 Comments

Ensuring Hardened, Secure Web Apps

0 Comments

All Videos

Cartoon

Latest Comment: You know, at first glance, I liked the idea of wearable tech.. Never through it would be a security risk.

Cartoon Archive

Current Issue

10 Emerging Threats Every Enterprise Should Know About

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Online Malware and Threats: A Profile of Today's Security Posture

This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!

Download Now!

The Risk Management Struggle

0 comments

How Data Breaches Affect the Enterprise

0 comments

The State of IT and Cybersecurity

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-9071
PUBLISHED: 2018-11-16

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration.

CVE-2018-9073
PUBLISHED: 2018-11-16

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.

CVE-2018-9085
PUBLISHED: 2018-11-16

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.

CVE-2018-9086
PUBLISHED: 2018-11-16

In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.

CVE-2018-19296
PUBLISHED: 2018-11-16

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.