News & Commentary
Latest Content tagged with Vulnerability Management
Page 1 / 2   >   >>
The Folly of Vulnerability & Patch Management for ICS Networks
Commentary  |  6/21/2017  | 
Yes, such efforts matter. But depending on them can give a false sense of security.
Major Websites Vulnerable to their Own Back-End Servers
News  |  6/19/2017  | 
DoD, other websites found with back-end server flaws and misconfigurations that could give attackers an entryway to internal networks, researcher will demonstrate at Black Hat USA next month.
Survey: 58% of Security and Development Teams Play Nice
Quick Hits  |  6/14/2017  | 
Despite frequent talk of tension between software development and security teams, it turns out more than half of organizations surveyed have these two groups collaborating.
Your Information Isn't Being Hacked, It's Being Neglected
Commentary  |  6/9/2017  | 
To stop customer information from being compromised, we must shore up the most vulnerable parts first, the day-to-day IT operations work that builds, configures, and changes systems.
Security & Development: Better Together
Commentary  |  6/1/2017  | 
How DevSecOps removes the silos between security and application development teams so that everyone can work together at the same speed.
DNS Is Still the Achilles Heel of the Internet
Partner Perspectives  |  6/1/2017  | 
Domain Name Services is too important to do without, so we better make sure its reliable and incorruptible
4 Reasons the Vulnerability Disclosure Process Stalls
Commentary  |  5/24/2017  | 
The relationship between manufacturers and researchers is often strained. Here's why, along with some resources to help.
Microsoft Releases Emergency Patch For RCE Vuln
News  |  5/9/2017  | 
Flaw in Microsoft Malware Protection Engine called 'crazy bad' by researchers who discovered it.
Cybersecurity & Fitness: Weekend Warriors Need Not Apply
Commentary  |  4/12/2017  | 
It takes consistency and a repeatable but flexible approach to achieve sustainable, measurable gains in both disciplines.
How Innovative Companies Lock Down Data
Commentary  |  4/12/2017  | 
A mix of back-to-basics security and a set of new, data-centric best practices is key to defending against a future of growing and sophisticated cyberattacks.
Forget the Tax Man: Time for a DNS Security Audit
Slideshows  |  4/11/2017  | 
Here's a 5-step DNS security review process that's not too scary and will help ensure your site availability and improve user experience.
FCC Privacy Rule Repeal Will Have Widespread Security Implications
News  |  4/4/2017  | 
Concerns over the action are sending VPN sales soaring, some vendors say.
Patch Unlikely for Widely Publicized Flaw in Microsoft IIS 6.0
Quick Hits  |  3/30/2017  | 
Microsoft recommends upgrade to latest operating system for more protection.
7 Steps to Transforming Yourself into a DevSecOps Rockstar
Slideshows  |  3/23/2017  | 
Security practitioners at one education software firm offer lessons learned from merging DevOps with security.
Cisco Issues Advisory on Flaw in Hundreds of Switches
Quick Hits  |  3/21/2017  | 
Vulnerability was discovered in WikiLeaks recent data dump on CIAs secret cyber-offensive unit.
Canada Takes Tax Site Offline After Apache Struts Attacks
Quick Hits  |  3/14/2017  | 
Hackers exploit vulnerability in Apache Struts 2 software of Statistics Canada but no damage done.
Trojan Android App Bullies Google Play Users Into Giving It 5 Stars
Quick Hits  |  3/9/2017  | 
Users who download "Music Mania" get pounded by ads until they say uncle.
Users Can Now Time Their Windows 10 Updates
Quick Hits  |  3/6/2017  | 
Microsoft gives option to users to fix security update schedule within three days of notification.
HackerOne Offers Free Service for Open Source Projects
Quick Hits  |  3/3/2017  | 
Service aims to provide efficient security programs but projects must meet certain rules to qualify for it.
End-Of-Life Software Alive And Well On US PCs
News  |  2/23/2017  | 
7.5% of users ran unpatched Windows operating systems in Q4 of 2016, up from 6.1 percent in Q3 of 2016, new study shows.
New Bug Bounty Program Targets IoT Security
News  |  2/13/2017  | 
GeekPwn bug bounty program aims to collect Internet of Things security vulnerabilities, and highlight mistakes to vendors.
Facebook Aims To Shape Stronger Security Practices
News  |  2/8/2017  | 
Facebook is among social platforms focusing on security as social media poses a growing risk to individuals and businesses.
Enterprise Android Vs iOS: Which is More Secure?
Commentary  |  2/7/2017  | 
The answer is not as simple as you think. A mobile security expert parses the pros and cons.
Vulnerabilities Hit High Water Mark in 2016
News  |  2/6/2017  | 
The good news is that coordinated disclosure keeps getting better.
How Cybercriminals Turn Employees Into Rogue Insiders
News  |  1/31/2017  | 
The Dark Web is a growing threat to organizations as hackers recruit insiders with access to corporate networks.
Record Number of Vulns For Adobe, Microsoft, Apple In '16, Says ZDI
News  |  1/10/2017  | 
Advantech makes surprise debut on vulnerability list at number two, right behind Adobe
'Zero Trust': The Way Forward in Cybersecurity
Commentary  |  1/10/2017  | 
This approach to network design can cut the chance of a breach.
The Bug Bounty Model: 21 Years & Counting
Commentary  |  12/29/2016  | 
A look back on the beginnings of crowdsourced vulnerability assessment and how its robust history is paving the way for the future.
Amit Yoran Leaves Dell RSA To Join Tenable As New CEO
News  |  12/15/2016  | 
Yoran says recent Dell acquisition of RSA parent company EMC did 'not really' impact his decision to leave.
Bangladesh Police Say Some Bank Officials Involved In Cyberheist
Quick Hits  |  12/14/2016  | 
Mid-ranking officials of Bangladesh Bank deliberately exposed banks network to allow theft of $81 million, says top investigator.
As Deadline Looms, 35 Percent Of Web Sites Still Rely On SHA-1
News  |  11/17/2016  | 
Over 60 million web sites are relying on a hashing algorithm that will be blocked by major browsers starting Jan 1.
Active Defense Framework Can Help Businesses Defend Against Cyberattacks
Partner Perspectives  |  11/17/2016  | 
New report provides a framework that lets private sector entities defend themselves while at the same time protect individual liberties and privacy, and mitigate the risk of collateral damage.
Internet Of Things 'Pollutants' & The Case For A Cyber EPA
Commentary  |  11/16/2016  | 
Recent IoT-executed DDoS attacks have been annoying, not life threatening. Should device makers be held liable if something worse happens?
Dark Reading Radio: 'Bug Bounties & The Zero-Day Trade'
Commentary  |  11/15/2016  | 
Join us, HackerOne's Alex Rice, and Veracode's Chris Wysopal for the next episode of Dark Reading Radio, today, Wednesday Nov. 16, at 1pmET.
TAG Unveils Anti-Malware Certification For Online Ad Industry
Quick Hits  |  11/15/2016  | 
As the ad industry continues its fight against malware, the Trustworthy Accountability Group launches a threat-sharing hub to provide intelligence on attacks.
Dark Reading Virtual Event Seeks To Break Security Myths, Conventional Wisdom
Commentary  |  11/14/2016  | 
Three keynotes, two panel sessions offer new ways to think about enterprise information security.
How Security Scorecards Advance Security, Reduce Risk
Commentary  |  11/10/2016  | 
CISO Josh Koplik offers practical advice about bridging the gap between security and business goals in a consumer-facing media and Internet company.
US Governors Affirm Confidence In Cybersecurity Of Election Systems
Quick Hits  |  11/7/2016  | 
Statement from National Governors Association say presidential election outcome will accurately reflect voters choice.
WeMo IoT Vulnerability Lets Attackers Run Code On Android Phone
News  |  11/2/2016  | 
Vulnerabilities in Belkin's WeMo home automation device, now fixed, could exploit Android smartphones or grant root to WeMo.
Anthem Breach Victims Go To Court Over Cybersecurity Audit Release
Quick Hits  |  11/1/2016  | 
Class-action lawsuit against health insurer seeks disclosure of network security details following data breach of 80 million members.
A Proactive Approach To Vulnerability Management: 3 Steps
Commentary  |  10/22/2016  | 
Having the tools to detect a breach is important, but what if you could prevent the attack from happening in the first place?
US Bank Regulators Draft Rules For Financial Services Cybersecurity
Quick Hits  |  10/20/2016  | 
Proposed standards will require financial firms to recover from any cyberattack within two hours.
Malvertising Trends: Dont Talk Ad Standards Without Ad Security
Commentary  |  10/19/2016  | 
How malvertising marries the strengths and weaknesses of the complex digital advertising ecosystem perfectly and what online publishers and security leaders need to do about it.
Certifying Software: Why Were Not There Yet
Commentary  |  10/12/2016  | 
Finding a solution to the software security and hygiene problem will take more than an Underwriters Lab seal of approval.
US-CERT Cautions Against Phishing Scams In Aftermath Of Hurricane Matthew
Quick Hits  |  10/12/2016  | 
The government agency for cyber protection provides steps to follow before opening links or attachments with Hurricane Matthew tag.
PwC Study Finds Greater Trust In Cloud, More Security Spend
News  |  10/6/2016  | 
Businesses are more comfortable with the cloud and have increased their security spending, but still face a shortage of skilled cybersecurity workers.
Researcher Roots Out Security Flaws In Insulin Pumps
News  |  10/4/2016  | 
Jay Radcliffe, researcher and diabetic who found the flaws in Johnson & Johnson Animas OneTouch Ping insulin pump, 'would not hesitate' to allow his own children be treated by the device if they were diabetic and advised to do so by physicians.
7 New Rules For IoT Safety & Vuln Disclosure
Commentary  |  9/24/2016  | 
In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!
An Open-Source Security Maturity Model
An Open-Source Security Maturity Model
Dark Reading Videos  |  9/23/2016  | 
Oh you don't run open-source code? Really? Christine Gadsby and Jake Kouns explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications, proprietary and otherwise.
Biometric Skimmers Pose Emerging Threat To ATMs
News  |  9/22/2016  | 
Even as financial institutions move to shore up ATM security with biometric mechanisms, cybercrooks are busy figuring out ways to beat them.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
The Dark Reading Security Spending Survey
The Dark Reading Security Spending Survey
Enterprises are spending an unprecedented amount of money on IT security where does it all go? In this survey, Dark Reading polled senior IT management on security budgets and spending plans, and their priorities for the coming year. Download the report and find out what they had to say.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.