Webinar Archives
Architecting Security for the Internet of Things
Date: Dec 16, 2020
In this webcast, experts discuss the most effective approaches to securing the embedded systems used in their enterprise and offer advice on monitoring and protecting next-generation IoT technology.

The Pesky Password Problem: Policies That Help You Gain the Upper Hand on the Bad Guys
Date: Dec 15, 2020
Join Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, to find out what your password policy should be and learn about the common mistakes organizations make when creating password policy.

Defense and Response Against Insider Threats & User Errors
Date: Dec 10, 2020
In this webinar, industry experts will discuss the key strategies, processes, and technologies that enterprises need to mitigate the most damaging data breaches of all -- the ones created by trusted users.

Data Protection Strategies and Secrets - 12/10 @ 11am EST
Date: Dec 10, 2020
This virtual event spotlights expert insights for ensuring that data is available and secured wherever and whenever a business needs it most--whether in the cloud, across corporate endpoints, or on unmanaged devices--and that its policies align with a fast-changing regulatory environment. Reserve your spot today!

Succeeding With Secure Access Service Edge (SASE)
Date: Dec 09, 2020
With the emergence of the Secure Access Service Edge (SASE), network and security professionals are struggling to build a migration plan for this new platform that adapts to the distributed nature of users and data. SASE promises to reduce complexity and cost, improve performance, increase accessibility and enhance security. The question is: How do you gain these benefits as you work towards implementing a SASE architecture?

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28331
PUBLISHED: 2020-11-24
Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a de...
CVE-2020-28928
PUBLISHED: 2020-11-24
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).
CVE-2020-28994
PUBLISHED: 2020-11-24
A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database.
CVE-2020-13620
PUBLISHED: 2020-11-24
Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker's ability to perform administrative actions such as modifying the configuration.
CVE-2020-13942
PUBLISHED: 2020-11-24
It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest ava...