Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
95% of Organizations Have Cultural Issues Around Cybersecurity
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 11/16/2018
Comment1 Comment  |  Read  |  Post a Comment
Cyber Crooks Diversify Business with Multi-Intent Malware
Avi Chesla, CEO and Founder, empowCommentary
The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.
By Avi Chesla CEO and Founder, empow, 11/15/2018
Comment1 Comment  |  Read  |  Post a Comment
From Reactive to Proactive: Security as the Bedrock of the SDLC
Brian Rutledge, Principal Security Manager at SpanningCommentary
Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.
By Brian Rutledge Principal Security Manager at Spanning, 11/15/2018
Comment0 comments  |  Read  |  Post a Comment
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard TechnologiesCommentary
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
By Ryan Orsi Director of Product Management for Wi-Fi at WatchGuard Technologies, 11/14/2018
Comment2 comments  |  Read  |  Post a Comment
To Click or Not to Click: The Answer Is Easy
Kowsik Guruswamy, Chief Technology Officer at Menlo SecurityCommentary
Mega hacks like the Facebook breach provide endless ammo for spearphishers. These six tips can help you stay safer.
By Kowsik Guruswamy Chief Technology Officer at Menlo Security, 11/14/2018
Comment1 Comment  |  Read  |  Post a Comment
2018 on Track to Be One of the Worst Ever for Data Breaches
Jai Vijayan, Freelance writerNews
A total of 3,676 breaches involving over 3.6 billion records were reported in the first nine months of this year alone.
By Jai Vijayan Freelance writer, 11/12/2018
Comment1 Comment  |  Read  |  Post a Comment
7 Cool New Security Tools to be Revealed at Black Hat Europe
Ericka Chickowski, Contributing Writer, Dark Reading
Black Hat Europe's Arsenal lineup will include demoes of new security tools, from AI malware research to container orchestration.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/12/2018
Comment0 comments  |  Read  |  Post a Comment
User Behavior Analytics Could Find a Home in the OT World of the IIoT
Satish Gannu, Chief Security Officer, ABBCommentary
The technology never really took off in IT, but it could be very helpful in the industrial world.
By Satish Gannu Chief Security Officer, ABB, 11/8/2018
Comment0 comments  |  Read  |  Post a Comment
5 Things the Most Secure Software Companies Do (and How You Can Be Like Them)
Oege de Moor, CEO and Co-Founder at SemmleCommentary
What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won't break the bank.
By Oege de Moor CEO and Co-Founder at Semmle, 11/8/2018
Comment1 Comment  |  Read  |  Post a Comment
IT-to-OT Solutions That Can Bolster Security in the IIoT
Satish Gannu, Chief Security Officer, ABBCommentary
Industrial companies can use the hard-won, long-fought lessons of IT to leapfrog to an advanced state of Industrial Internet of Things security.
By Satish Gannu Chief Security Officer, ABB, 11/7/2018
Comment0 comments  |  Read  |  Post a Comment
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance WriterNews
Researchers say companies need to rethink their password training and take a more holistic approach to security.
By Steve Zurier Freelance Writer, 11/7/2018
Comment1 Comment  |  Read  |  Post a Comment
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIPCommentary
Cybersecurity folks often struggle to get threat intelligence's benefits. Fortunately, there are ways to overcome these problems.
By Jonathan Zhang CEO/Founder of WhoisXML API and TIP, 11/7/2018
Comment2 comments  |  Read  |  Post a Comment
Hidden Costs of IoT Vulnerabilities
Carl Nerup, Co-Founder and Chief Marketing Officer at CogCommentary
IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought.
By Carl Nerup Co-Founder and Chief Marketing Officer at Cog, 11/6/2018
Comment1 Comment  |  Read  |  Post a Comment
Tackling Cybersecurity from the Inside Out
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
New online threats require new solutions.
By Marc Wilczek Digital Strategist & CIO Advisor, 11/2/2018
Comment0 comments  |  Read  |  Post a Comment
Not Every Security Flaw Is Created Equal
Chris Eng, VP Research, Veracode, Commentary
You need smart prioritization to close the riskiest vulnerabilities. Effective DevSecOps leads the way, according to a new study.
By Chris Eng, VP Research, Veracode , 11/1/2018
Comment0 comments  |  Read  |  Post a Comment
10 Steps for Creating Strong Customer Authentication
Marco Lafrentz, VP of ICMS and CPaaS Business Line at tyntecCommentary
Between usability goals and security/regulatory pressures, setting up customer-facing security is difficult. These steps and best practices can help.
By Marco Lafrentz VP of ICMS and CPaaS Business Line at tyntec, 10/30/2018
Comment0 comments  |  Read  |  Post a Comment
AppSec Is Dead, but Software Security Is Alive & Well
Matt Rose, Global Director Application Security Strategy, at CheckmarxCommentary
Application security must be re-envisioned to support software security. It's time to shake up your processes.
By Matt Rose Global Director Application Security Strategy, at Checkmarx, 10/29/2018
Comment2 comments  |  Read  |  Post a Comment
3 Keys to Reducing the Threat of Ransomware
Joe Merces, CEO at Cloud DaddyCommentary
Following these steps could mean the difference between an inconvenience and a multimillion-dollar IT system rebuild -- for the public and private sectors alike.
By Joe Merces CEO at Cloud Daddy, 10/26/2018
Comment9 comments  |  Read  |  Post a Comment
Tackling Supply Chain Threats
Ang Cui, Founder & CEO, Red Balloon SecurityCommentary
Vendor-supplied malware is a threat that has been largely overlooked. That has to change.
By Ang Cui Founder & CEO, Red Balloon Security, 10/24/2018
Comment0 comments  |  Read  |  Post a Comment
Benefits of DNS Service Locality
Paul Vixie, Chairman & CEO, Farsight Security, Inc.Commentary
Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
By Paul Vixie Chairman & CEO, Farsight Security, Inc., 10/24/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Empathy: The Next Killer App for Cybersecurity?
Shay Colson, CISSP, Senior Manager, CyberClarity360,  11/13/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15769
PUBLISHED: 2018-11-16
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is...
CVE-2018-18955
PUBLISHED: 2018-11-16
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resour...
CVE-2018-19311
PUBLISHED: 2018-11-16
Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.
CVE-2018-19312
PUBLISHED: 2018-11-16
Centreon 3.4.x allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
CVE-2018-19318
PUBLISHED: 2018-11-16
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account.