Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
6 Ways to Tell an Insider Has Gone Rogue
Jai Vijayan, Freelance writer
Malicious activity by trusted users can be very hard to catch, so look for these red flags.
By Jai Vijayan Freelance writer, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Make Security Boring Again
Joel Fulton, Chief Information Security Officer for SplunkCommentary
In the public sector and feeling overwhelmed? Focus on the basics, as mind numbing as that may sound.
By Joel Fulton Chief Information Security Officer for Splunk, 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
From Bullets to Clicks: The Evolution of the Cyber Arms Race
Nir Gaist, CTO and Founder of NyotronCommentary
Cyber strategies have become as important as physical weapons in the battle for political advantage. Here's a quick look at four broad categories.
By Nir Gaist CTO and Founder of Nyotron, 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
SCADA/ICS Dangers & Cybersecurity Strategies
Peter Newton, Senior Director of Product Marketing at FortinetCommentary
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
By Peter Newton Senior Director of Product Marketing at Fortinet, 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
How to Structure an Enterprise-Wide Threat Intelligence Strategy
Tom Badders, Senior Product Manager, Secure Mobility, at Telos CorporationCommentary
To keep an organization safe, you must think about the entire IT ecosystem.
By Tom Badders Senior Product Manager, Secure Mobility, at Telos Corporation, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
ICS Security: 'The Enemy Is in the Wire'
Wayne Lloyd, Federal CTO at RedSealCommentary
Threats to industrial control systems are real and frightening. The government is taking steps to keep us safer in the future, but there are near-term steps you can take right now.
By Wayne Lloyd Federal CTO at RedSeal, 7/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Newly Found Spectre Variants Bring New Concerns
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Two new variants on a theme of Spectre underscore the expanding nature of the critical vulnerabilities.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/11/2018
Comment0 comments  |  Read  |  Post a Comment
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR InstituteCommentary
Measuring security risk is not that hard if you get your terms straight and leverage well-established methods and principles from other disciplines.
By Jack Jones Chairman, FAIR Institute, 7/11/2018
Comment3 comments  |  Read  |  Post a Comment
For Data Thieves, the World Cup Runneth Over
Travis Jarae, Founder & CEO of One World IdentityCommentary
Large sporting events are always going to be targets, but the fact that the competition is in Russia adds another layer of concern. Here are three tips to stay safer.
By Travis Jarae Founder & CEO of One World Identity, 7/10/2018
Comment0 comments  |  Read  |  Post a Comment
Trading Platforms Riddled With Severe Flaws
Ericka Chickowski, Contributing Writer, Dark ReadingNews
In spite of routing trillions of dollars of stock and commodity trades every day, financial cousins to online banking applications are written very insecurely.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/6/2018
Comment0 comments  |  Read  |  Post a Comment
4 Basic Principles to Help Keep Hackers Out
David Pearson, Principle Threat ResearcherCommentary
The most effective hackers keep things simple, something organizations must take into account.
By David Pearson Principle Threat Researcher, 7/5/2018
Comment3 comments  |  Read  |  Post a Comment
9 SMB Security Trends
Steve Zurier, Freelance Writer
SMBs understand they have to focus more on cybersecurity. Here's a look at the areas they say matter most.
By Steve Zurier Freelance Writer, 7/5/2018
Comment1 Comment  |  Read  |  Post a Comment
ThetaRay Raises $30M to Block Money Laundering
Dark Reading Staff, Quick Hits
With a total $60 million raised to date, the Israeli startup plans to expand operations in Europe, Asia, and the United States.
By Dark Reading Staff , 7/3/2018
Comment0 comments  |  Read  |  Post a Comment
Secure by Default Is Not What You Think
Tom Thomassen, Senior Staff Engineer of Security, MarkLogicCommentary
The traditional view of secure by default which has largely been secure out of the box is too narrow. To broaden your view, consider these three parameters.
By Tom Thomassen Senior Staff Engineer of Security, MarkLogic, 6/26/2018
Comment0 comments  |  Read  |  Post a Comment
Secure Code: You Are the Solution to Open Sources Biggest Problem
 Tim Mackey, Technical Evangelist, Black Duck by SynopsysCommentary
Seventy-eight percent of open source codebases examined in a recent study contain at least one unpatched vulnerability, with an average of 64 known vulnerabilities per codebase.
By Tim Mackey Technical Evangelist, Black Duck by Synopsys, 6/25/2018
Comment2 comments  |  Read  |  Post a Comment
8 Security Tips for a Hassle-Free Summer Vacation
Steve Zurier, Freelance Writer
It's easy to let your guard down when you're away. Hackers know that, too.
By Steve Zurier Freelance Writer, 6/23/2018
Comment3 comments  |  Read  |  Post a Comment
How to Prepare for 'WannaCry 2.0'
Shimon Oren, Head of Cyber Intelligence at Deep InstinctCommentary
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
By Shimon Oren Head of Cyber Intelligence at Deep Instinct, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften TechnologiesCommentary
Realizing the wide scope of fraud should be at the top of every business executive's to-do list. Here's some practical advice to help you stay safe.
By David Shefter Chief Technology Officer at Ziften Technologies, 6/14/2018
Comment1 Comment  |  Read  |  Post a Comment
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security CompassCommentary
How improving application security in the automotive industry can shorten product development time, reduce costs, and save lives.
By Rohit Sethi COO of Security Compass, 6/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Why Isn't Integrity Getting the Attention It Deserves?
Tim Erlin, VP of Product Management & Strategy at TripwireCommentary
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
By Tim Erlin VP of Product Management & Strategy at Tripwire, 5/17/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Kolina
Current Conversations I have the same fillings about Google's work on this.. Great written
In reply to: ... HA!">Re: Google teaming with ... HA!
Post Your Own Reply
More Conversations
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem,  7/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14492
PUBLISHED: 2018-07-21
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
CVE-2018-3770
PUBLISHED: 2018-07-20
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
CVE-2018-3771
PUBLISHED: 2018-07-20
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
CVE-2018-5065
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5066
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.