Vulnerability Management

News & Commentary
Are You Prepared for a Zombie (Domain) Apocalypse?
Kaan Onarlioglu, Senior Security Researcher, Akamai | Commentary
When a domain registration expires, the domain can be claimed by new owners. And sometimes, those new owners have malicious intent.
By Kaan Onarlioglu, Senior Security Researcher, Akamai, 3/18/2019
On Norman Castles and the Internet
Dr. Mike Lloyd, CTO of RedSeal | Commentary
When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?
By Dr. Mike Lloyd, CTO of RedSeal, 3/15/2019
4 Reasons to Take an 'Inside Out' View of Security
Earl D. Matthews, Senior Vice President and Chief Strategy Officer at Verodin | Commentary
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
By Earl D. Matthews, Senior Vice President and Chief Strategy Officer at Verodin, 3/14/2019
How the Best DevSecOps Teams Make Risk Visible to Developers
Ericka Chickowski, Contributing Writer, Dark Reading | News
DevOps-minded CISOs say enterprise security teams need to do a better job scoring and visualizing risk for developers and business executives.
By Ericka Chickowski, Contributing Writer, Dark Reading, 3/12/2019
5 Essentials for Securing and Managing Windows 10
Josh Mayfield, Director of Security Strategy at Absolute | Commentary
It's possible to intelligently deploy and utilize Windows 10's many security enhancements while avoiding common and costly migration pitfalls.
By Josh Mayfield, Director of Security Strategy at Absolute, 3/12/2019
IT Security Administrators Aren't Invincible
Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of Bitdefender | Commentary
IT security administrators and their teams are responsible for evaluating an organization's security tools and technologies, but are they armed with the proper tools, considerations, and budget to do so? Fourth in a six-part series.
By Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of Bitdefender, 3/11/2019
Shifting Attacks Put Increasing ID Fraud Burden on Consumers
Robert Lemos, Technology Journalist/Data Researcher | News
Card-present fraud is down, but attackers continue to find new strategies, and consumers are paying the price.
By Robert Lemos, 3/8/2019
It's Time to Rethink Your Vendor Questionnaire
Kelly White, Founder and CEO of RiskRecon | Commentary
To get the most from a vendor management program you must trust, then verify. These six best practices are a good place to begin.
By Kelly White, Founder and CEO of RiskRecon, 3/6/2019
Trust, or Lack of It, Is a Key Theme on RSAC Keynote Stage
Sara Peters, Senior Editor at Dark Reading | News
Neither machines nor humans might be entirely trustworthy, but the cooperation of the two might be the answer to issues of misinformation, deep fake videos, and other issues of trust, say security leaders.
By Sara Peters, Senior Editor at Dark Reading, 3/5/2019
Care and Feeding of Your SIEM
Shane MacDougall, Senior Security Engineer at Mosaic451 | Commentary
Six simple steps to mitigate the grunt work and keep your organization safe.
By Shane MacDougall, Senior Security Engineer at Mosaic451, 3/5/2019
Artificial Intelligence: The Terminator of Malware
Chris Rouland, Co-Founder and Chief Executive Officer at Phosphorus Cybersecurity | Commentary
Is it possible that the combination of AI, facial recognition, and the coalescence of global mass-hack data could lead us toward a Skynet-like future?
By Chris Rouland, Co-Founder and Chief Executive Officer at Phosphorus Cybersecurity, 3/5/2019
Here's What Happened When a SOC Embraced Automation
Heather Hixon, Senior Solutions Architect, DFLabs | Commentary
Despite initial apprehension, security engineers and analysts immediately began to notice a variety of benefits.
By Heather Hixon, Senior Solutions Architect, DFLabs, 3/4/2019
Security Experts, Not Users, Are the Weakest Link
Ira Winkler, CISSP, President, Secure Mentem | Commentary
CISOs: Stop abdicating responsibility for problems with users. It's part of your job.
By Ira Winkler, CISSP, President, Secure Mentem, 3/1/2019
Stay Ahead of the Curve by Using AI in Compliance
Eric Winston, Executive Vice President, General Counsel, and Chief Ethics and Compliance Officer at Mphasis | Commentary
Although human oversight is required, advanced technologies built on AI will become pivotal in building safer financial markets and a safer world.
By Eric Winston, Executive Vice President, General Counsel, and Chief Ethics and Compliance Officer at Mphasis, 2/27/2019
DIY Botnet Detection: Techniques and Challenges
Johnathan Azaria, Data Scientist and Security Researcher at Imperva | Commentary
Botnets continue to spread to places never dreamed of a few years ago. But you can fight them off, and these tips can help.
By Johnathan Azaria, Data Scientist and Security Researcher at Imperva, 2/26/2019
A 'Cloudy' Future for OSSEC
Scott Shinn, Founder & CTO, Atomicorp | Commentary
As more organizations move to the public cloud and to DevOps and DevSecOps processes, the open source alternative for host-based intrusion detection is finding new uses.
By Scott Shinn, Founder & CTO, Atomicorp, 2/26/2019
Secure the System, Help the User
John Carbo, Director of Information Security at Abacus Group | Commentary
The enterprise must do its part in deploying and maintaining secure systems so that end users stand a chance against attackers.
By John Carbo, Director of Information Security at Abacus Group, 2/25/2019
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff | Quick Hits
CRXcavator scans extensions in real time based on factors including permissions, external calls, and third-party libraries.
By Dark Reading Staff, 2/21/2019
Security Analysts Are Only Human
Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of Bitdefender | Commentary
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
By Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of Bitdefender, 2/21/2019
6 Tax Season Tips for Security Pros
Steve Zurier, Freelance Writer
Here are some practical ways to keep your company safe as Uncle Sam comes calling.
By Steve Zurier, Freelance Writer, 2/19/2019
Current Conversations
It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job
Kelly Jackson Higgins, Executive Editor at Dark Reading, 3/12/2019
Box Mistakes Leave Enterprise Data Exposed
Dark Reading Staff, 3/12/2019
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.