Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Must Reads

7 Threats & Disruptive Forces Changing the Face of Cybersecurity
Publish Date: Aug 12,2019
Building and Managing an IT Security Operations Program
Publish Date: May 15,2019
5 Emerging Cyber Threats to Watch for in 2019
Publish Date: Feb 7,2019
The Year in Security 2018
Publish Date: Dec 7,2018
10 Best Practices That Could Reshape Your IT Security Department
Publish Date: Nov 6,2018
10 Emerging Threats Every Enterprise Should Know About
Publish Date: Aug 16,2018
The Biggest Cybersecurity Breaches of 2018 (So Far)
Publish Date: Jul 23,2018
The Changing Role of the CISO
Publish Date: May 21,2018
How to Cope with the IT Security Skills Shortage
Publish Date: Feb 12,2018
The Year in Security: 2017
Publish Date: Dec 12,2017
Managing Cyber-Risk
Publish Date: Oct 25,2017
Security Vulnerabilities: The Next Wave
Publish Date: Jul 19,2017
Security Operations and IT Operations: Finding the Path to Collaboration
Publish Date: Apr 19,2017
5 Security Technologies to Watch in 2017
Publish Date: Jan 18,2017
Five Things Every Business Executive Should Know About Cybersecurity
Publish Date: Dec 6,2016
Five Emerging Security Threats - And What You Can Learn From Them
Publish Date: Aug 9,2016
The Changing Face of Identity Management
Publish Date: Jul 26,2016
DNS Threats: What Every Enterprise Should Know
Publish Date: Jun 28,2016
How To Build An Effective Defense Against Ransomware
Publish Date: Jun 21,2016
8 Key Building Blocks for Enterprise Network Defense
Publish Date: May 10,2016
Understanding & Managing the Mobile Security Threat
Publish Date: Mar 15,2016
E-Commerce Security: What Every Enterprise Needs to Know
Publish Date: Nov 2,2015
Dark Reading Tech Digest September 7, 2015
Publish Date: Sep 7,2015
Dark Reading Tech Digest, June 2015
Publish Date: Jun 1,2015
Dark Reading - March 2, 2015
Publish Date: Mar 2,2015
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there�s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges need...
CVE-2019-2222
PUBLISHED: 2019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...