News & Commentary

Latest Content tagged with Vulnerability Management
Page 1 / 2   >   >>
7 Spectre/Meltdown Symptoms That Might Be Under Your Radar
Slideshows  |  3/20/2018
The Spectre/Meltdown pair has a set of major effects on computing but there are impacts on the organization that IT leaders might not have considered in the face of the immediate problem.
Segmentation: The Neglected (Yet Essential) Control
Commentary  |  3/14/2018
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
Electric Utility Hit with Record Fine for Vulnerabilities
Quick Hits  |  3/14/2018
An unnamed power company has consented to a record fine for leaving critical records exposed.
Medical Apps Come Packaged with Hardcoded Credentials
News  |  3/14/2018
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
What's the C-Suite Doing About Mobile Security?
Commentary  |  3/13/2018
While most companies have security infrastructure for on-premises servers, networks, and endpoints, too many are ignoring mobile security. They'd better get moving.
Malware 'Cocktails' Raise Attack Risk
News  |  3/13/2018
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports.
7 University-Connected Cyber Ranges to Know Now
Slideshows  |  3/9/2018
Universities are beginning to add cyber ranges to the facilities for teaching cyber security to students and professionals. Goes Away, Panic Ensues
Quick Hits  |  3/5/2018
Turns out the Carnegie Mellon CERT just moved to a newly revamped CMU Software Engineering Institute website.
Why Cryptocurrencies Are Dangerous for Enterprises
Commentary  |  2/28/2018
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
Anatomy of an Attack on the Industrial IoT
Commentary  |  2/22/2018
How cyber vulnerabilities on sensors can lead to production outage and financial loss.
Vulnerabilities Broke Records Yet Again in 2017
News  |  2/20/2018
Meanwhile, organizations still struggle to manage remediation.
Cisco Issues New Patch for Critical ASA Vulnerability
Quick Hits  |  2/7/2018
Cisco engineers discover that the flaw in Adaptive Security Appliance devices is worse than they initially understood.
Intel CEO: New Products that Tackle Meltdown, Spectre Threats Coming this Year
Quick Hits  |  1/26/2018
In an earnings call yesterday, Intel CEO Brian Krzanich says security remains a 'priority' for the microprocessor company.
Hardware Security: Why Fixing Meltdown & Spectre Is So Tough
Commentary  |  1/26/2018
Hardware-based security is very difficult to break but, once broken, catastrophically difficult to fix. Software-based security is easier to break but also much easier to fix. Now what?
Meltdown & Spectre: Computing's 'Unsafe at Any Speed' Problem
Commentary  |  1/25/2018
Ralph Nader's book shook up the automotive world over 50 years ago. It's time to take a similar look at computer security.
9 Steps to More-Effective Organizational Security
Commentary  |  1/22/2018
Too often security is seen as a barrier, but it's the only way to help protect the enterprise from threats. Here are tips on how to strengthen your framework.
Doh!!! The 10 Most Overlooked Security Tasks
Slideshows  |  1/16/2018
Heres a list of gotchas that often slip past overburdened security pros.
'Back to Basics' Might Be Your Best Security Weapon
Commentary  |  1/10/2018
A company's ability to successfully reduce risk starts with building a solid security foundation.
CISOs' Cyber War: How Did We Get Here?
Commentary  |  1/9/2018
We're fighting the good fight -- but, ultimately, losing the war.
Vulnerability Management: The Most Important Security Issue the CISO Doesn't Own
Commentary  |  1/8/2018
Information security and IT need to team up to make patch management more efficient and effective. Here's how and why.
The Nightmare Before Christmas: Security Flaws Inside our Computers
Commentary  |  1/5/2018
How an Intel design decision with no review by industry security consultants led to one of the biggest vulnerabilities in recent history.
Avoiding Micro-Segmentation Pitfalls: A Phased Approach to Implementation
Commentary  |  12/29/2017
Micro-segmentation is very achievable. While it can feel daunting, you can succeed by proactively being aware of and avoiding these roadblocks.
Advanced Deception: How It Works & Why Attackers Hate It
Commentary  |  12/18/2017
While cyberattacks continue to grow, deception-based technology is providing accurate and scalable detection and response to in-network threats.
What Slugs in a Garden Can Teach Us About Security
Commentary  |  12/8/2017
Design principles observed in nature serve as a valuable model to improve organizations' security approaches.
Rutkowska: Trust Makes Us Vulnerable
News  |  12/7/2017
Offensive security researcher Joanna Rutkowska explains why trust in technology can put users at risk.
6 Personality Profiles of White-Hat Hackers
Slideshows  |  12/5/2017
From making the Internet safer to promoting their security careers, bug bounty hunters have a broad range of motivators for hacking most just like the challenge.
Deception: Why It's Not Just Another Honeypot
Commentary  |  12/1/2017
The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception.
The Critical Difference Between Vulnerabilities Equities & Threat Equities
Commentary  |  11/30/2017
Why the government has an obligation to share its knowledge of flaws in software and hardware to strengthen digital infrastructure in the face of growing cyberthreats.
8 Low or No-Cost Sources of Threat Intelligence
Slideshows  |  11/27/2017
Heres a list of sites that for little or no cost give you plenty of ideas for where to find first-rate threat intelligence.
Frequent Software Releases, Updates May Injure App Security
News  |  11/13/2017
The more frequently you release apps, the more security vulnerabilities you are likely to introduce in the code, a new study confirms.
6 Steps for Sharing Threat Intelligence
Slideshows  |  11/10/2017
Industry experts offer specific reasons to share threat information, why it's important - and how to get started.
Siemens Teams Up with Tenable
News  |  11/8/2017
ICS/SCADA vendor further extends its managed security services for critical infrastructure networks.
Inmarsat Disputes IOActive Reports of Critical Flaws in Ship SATCOM
News  |  10/26/2017
Satellite communications provider says security firm's narrative about vulnerabilities in its AmosConnect 8 shipboard email service is overblown.
Why Patching Software Is Hard: Organizational Challenges
Commentary  |  10/25/2017
The Equifax breach shows how large companies can stumble when it comes to patching. Organizational problems can prevent best practices from being enforced.
Why Patching Software Is Hard: Technical Challenges
Commentary  |  10/24/2017
Huge companies like Equifax can stumble over basic technical issues. Here's why.
The Week in Crypto: Bad News for SSH, WPA2, RSA & Privacy
News  |  10/20/2017
Between KRACK, ROCA, new threats to SSH keys, and the European Commission's loosey-goosey stance on encryption backdoors, it's been a difficult time for cryptography.
Oracle Fixes 20 Remotely Exploitable Java SE Vulns
News  |  10/18/2017
Quarterly update for October is the smallest of the year: only 252 flaws to fix! Oracle advises to apply patches 'without delay.'
Reuters: Microsoft's 2013 Breach Hit Bug Repository, Insiders Say
Quick Hits  |  10/17/2017
Five anonymous former Microsoft employees tell Reuters that Microsoft's database of internally discovered vulnerabilities was compromised in 2013, but Microsoft will not confirm it occurred.
Private, Public, or Hybrid? Finding the Right Fit in a Bug Bounty Program
Commentary  |  10/5/2017
How can a bug bounty not be a bug bounty? There are several reasons. Here's why you need to understand the differences.
Security's #1 Problem: Economic Incentives
Commentary  |  9/25/2017
The industry rewards cutting corners rather than making software safe. Case in point: the Equifax breach.
SecureAuth to Merge with Core Security
News  |  9/20/2017
K1 Investment Management, which owns Core Security, plans to acquire the identity management and authentication company for more than $200 million.
The 'Team of Teams' Model for Cybersecurity
Commentary  |  9/12/2017
Security leaders can learn some valuable lessons from a real-life military model.
How to Use Purple Teaming for Smarter SOCs
How to Use Purple Teaming for Smarter SOCs
Dark Reading Videos  |  9/7/2017
Justin Harvey explains why the standard blue team vs. red team can be improved upon, and provides tips on doing purple teaming right.
Is Your Organization Merely PCI-Compliant or Is It Actually Secure?
Commentary  |  9/6/2017
The Host Identity Protocol might be the answer to inadequate check-the-box security standards.
Using Market Pressures to Improve Cybersecurity
Using Market Pressures to Improve Cybersecurity
Dark Reading Videos  |  8/31/2017
Post-MedSec, Chris Wysopal discusses what impact the investor community -- if not consumers -- can have on squashing vulnerabilities and improving cybersecurity.
St. Jude Pacemaker Gets Firmware Update 'Intended as a Recall'
News  |  8/30/2017
The devices that were the subject of a vulnerability disclosure debate last summer now have an FDA-approved fix.
New York's Historic FinSec Regulation Covers DDoS, Not Just Data
News  |  8/28/2017
Starting today, New York banks and insurers must report to authorities within 72 hours on any security event that has a 'reasonable likelihood' of causing material harm to normal operations.
The Changing Face & Reach of Bug Bounties
Commentary  |  8/23/2017
HackerOne CEO Mrten Mickos reflects on the impact of vulnerability disclosure on today's security landscape and leadership.
How Bad Teachers Ruin Good Machine Learning
How Bad Teachers Ruin Good Machine Learning
Dark Reading Videos  |  8/18/2017
Sophos data scientist Hillary Sanders explains how security suffers when good machine learning models are trained on bad testing data.
DoJ Launches Framework for Vulnerability Disclosure Programs
Quick Hits  |  8/3/2017
The Department of Justice releases a set of guidelines to help businesses create programs for releasing vulnerabilities.
Page 1 / 2   >   >>

Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.