Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
8 Security Tips for a Hassle-Free Summer Vacation
Steve Zurier, Freelance Writer
It's easy to let your guard down when you're away. Hackers know that, too.
By Steve Zurier Freelance Writer, 6/23/2018
Comment1 Comment  |  Read  |  Post a Comment
How to Prepare for 'WannaCry 2.0'
Shimon Oren, Head of Cyber Intelligence at Deep InstinctCommentary
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
By Shimon Oren Head of Cyber Intelligence at Deep Instinct, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften TechnologiesCommentary
Realizing the wide scope of fraud should be at the top of every business executive's to-do list. Here's some practical advice to help you stay safe.
By David Shefter Chief Technology Officer at Ziften Technologies, 6/14/2018
Comment1 Comment  |  Read  |  Post a Comment
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security CompassCommentary
How improving application security in the automotive industry can shorten product development time, reduce costs, and save lives.
By Rohit Sethi COO of Security Compass, 6/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Why Isn't Integrity Getting the Attention It Deserves?
Tim Erlin, VP of Product Management & Strategy at TripwireCommentary
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
By Tim Erlin VP of Product Management & Strategy at Tripwire, 5/17/2018
Comment0 comments  |  Read  |  Post a Comment
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark ReadingNews
CVSS scores alone are ineffective risk predictors - modeling for likelihood of exploitation also needs to be taken into account.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/15/2018
Comment3 comments  |  Read  |  Post a Comment
10 Security Innovators to Watch
Curtis Franklin Jr., Senior Editor at Dark Reading
Startups in the RSA Conference Innovation Sandbox competed for the title of "Most Innovative."
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/30/2018
Comment0 comments  |  Read  |  Post a Comment
What Meltdown and Spectre Mean for Mobile Device Security
JT Keating, Vice President of Product Strategy at ZimperiumCommentary
Here are four tips to keep your mobile users safe from similar attacks.
By JT Keating Vice President of Product Strategy at Zimperium, 4/30/2018
Comment4 comments  |  Read  |  Post a Comment
At RSAC, SOC 'Sees' User Behaviors
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/20/2018
Comment0 comments  |  Read  |  Post a Comment
How to Protect Industrial Control Systems from State-Sponsored Hackers
Matt Cauthorn, VP of Security, ExtraHopCommentary
US-CERT recently issued an alert about Russian threat activity against infrastructure sectors. Is there a way to fight back?
By Matt Cauthorn VP of Security, ExtraHop, 4/19/2018
Comment0 comments  |  Read  |  Post a Comment
The Role of KPIs in Incident Response
John Moran, Senior Product Manager, DFLabsCommentary
Using KPIs can have a positive impact on the tactical and strategic functions of a security operations program.
By John Moran Senior Product Manager, DFLabs, 4/18/2018
Comment1 Comment  |  Read  |  Post a Comment
New Malware Adds RAT to a Persistent Loader
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A newly discovered variant of a long-known malware loader adds the ability to control the victim from afar.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/17/2018
Comment1 Comment  |  Read  |  Post a Comment
New Email Campaign Employs Malicious URLs
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new attack dropping the Quant Loader Trojan bypasses scanners and sandboxes.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/12/2018
Comment0 comments  |  Read  |  Post a Comment
Protect Yourself from Online Fraud This Tax Season
Robert Block, Senior VP of Identity Strategy at SecureAuth and Core SecurityCommentary
Use these tips to stay safe online during everyone's least-favorite time of the year.
By Robert Block Senior VP of Identity Strategy at SecureAuth and Core Security, 4/6/2018
Comment0 comments  |  Read  |  Post a Comment
Study Finds Petabytes of Sensitive Data Open to the Internet
Dark Reading Staff, Quick Hits
New research by Digital Shadows finds more than 1.5 billion sensitive files are open to discovery on the internet.
By Dark Reading Staff , 4/6/2018
Comment0 comments  |  Read  |  Post a Comment
New DARPA Contract Looks to Avoid Another 'Meltdown'
Dark Reading Staff, Quick Hits
A new DARPA contract with Tortuga Logic intends to field chip emulation systems to test security before processors hit manufacturing.
By Dark Reading Staff , 4/4/2018
Comment0 comments  |  Read  |  Post a Comment
Panera Bread Leaves Millions of Customer Records Exposed Online
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Personal information exposed in plain text for months on Panerabread.com and the company's response failed to rise to the challenge.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/3/2018
Comment1 Comment  |  Read  |  Post a Comment
780 Days in the Life of a Computer Worm
Javvad Malik, Security Advocate at AlienVaultCommentary
This is a story of a worm, from the time it was coded and deployed onto the Internet. It is narrated by the worm in the first person.
By Javvad Malik Security Advocate at AlienVault, 3/27/2018
Comment0 comments  |  Read  |  Post a Comment
The Overlooked Problem of 'N-Day' Vulnerabilities
Ang Cui, Founder & CEO, Red Balloon SecurityCommentary
N-days -- or known vulnerabilities -- are a goldmine for attackers of industrial control systems. It's time for a new defense strategy.
By Ang Cui Founder & CEO, Red Balloon Security, 3/26/2018
Comment0 comments  |  Read  |  Post a Comment
Is Application Security Dead?
Tyler Shields,  VP of Portfolio Strategy at CA TechnologiesCommentary
The nature of the field has changed greatly because of the move to the cloud and enterprise digital transformation.
By Tyler Shields VP of Portfolio Strategy at CA Technologies, 3/22/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12697
PUBLISHED: 2018-06-23
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
CVE-2018-12698
PUBLISHED: 2018-06-23
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.
CVE-2018-12699
PUBLISHED: 2018-06-23
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.
CVE-2018-12700
PUBLISHED: 2018-06-23
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
CVE-2018-11560
PUBLISHED: 2018-06-23
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.