Slideshows - Dark Reading

Hot Topics

Editors' Choice

5

Higher Education: 15 Books to Help Cybersecurity Pros Be Better

Curtis Franklin Jr., Senior Editor at Dark Reading, 12/12/2018

5

Worst Password Blunders of 2018 Hit Organizations East and West

Curtis Franklin Jr., Senior Editor at Dark Reading, 12/12/2018

2

2019 Attacker Playbook

Ericka Chickowski, Contributing Writer, Dark Reading, 12/14/2018

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

Enterprise Connect 2019 - Build Your Comms & Collaboration Future

White Papers

Automated Static File Analysis

Reducing the Human Attack Surface with Phishing Simulations

The Year in Security 2018

Shutting Down Banking Trojans

Investigating Malware Threats Within your Network

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Look deep into my eyes. You are getting sleepy, very sleepy......

Cartoon Archive

Current Issue

The Year in Security 2018

This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

[Sponsored Content] The State of Encryption and How to Improve It

Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.

Download Now!

How Enterprises Are Using IT Threat Intelligence

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

Online Malware and Threats: A Profile of Today's Security Posture

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-20228
PUBLISHED: 2018-12-19

Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.

CVE-2018-20230
PUBLISHED: 2018-12-19

An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

CVE-2018-20231
PUBLISHED: 2018-12-19

Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.

CVE-2018-20227
PUBLISHED: 2018-12-19

RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.

CVE-2018-19790
PUBLISHED: 2018-12-18

An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti...