Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
Data Manipulation: How Security Pros Can Respond to an Emerging Threat
PJ Kirner, CTO & Founder, IllumioCommentary
Industry leaders are scrambling to address the issue, which will take new thinking to overcome.
By PJ Kirner CTO & Founder, Illumio, 9/21/2018
Comment0 comments  |  Read  |  Post a Comment
Overhauling the 3 Pillars of Security Operations
Dave Frampton, Vice President of Security Solutions at Sumo LogicCommentary
Modern apps and the cloud mean that organizations must now rethink older security practices.
By Dave Frampton Vice President of Security Solutions at Sumo Logic, 9/18/2018
Comment1 Comment  |  Read  |  Post a Comment
The 7 Habits of Highly Effective Security Teams
Gary Golomb, Co-Founder & Chief Research Officer at Awake SecurityCommentary
Security requires smart people, processes, and technology. Too often, the "people" portion of the PPT equation is neglected.
By Gary Golomb Co-Founder & Chief Research Officer at Awake Security, 9/17/2018
Comment0 comments  |  Read  |  Post a Comment
The Increasingly Vulnerable Software Supply Chain
Thomas Etheridge, Vice President of Services, CrowdStrikeCommentary
Nation-state adversaries from Iran to Russia have leveraged the supply chain as a vehicle to compromise infrastructure and disrupt businesses.
By Thomas Etheridge Vice President of Services, CrowdStrike, 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
DevOps Demystified: A Primer for Security Practitioners
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
Key starting points for those still struggling to understand the concept.
By John B. Dickson CISSP, Principal, Denim Group, 9/10/2018
Comment0 comments  |  Read  |  Post a Comment
The Weakest Security Links in the (Block)Chain
Drew Peck & Tim Butler, Executive Director and CEO & Founder of TegoCommentary
Despite the technology's promise to transform how business is done, there are significant limitations and potential risks at the intersection of the digital and physical worlds.
By Drew Peck & Tim Butler Executive Director and CEO & Founder of Tego, 9/5/2018
Comment1 Comment  |  Read  |  Post a Comment
Thoughts on the Latest Apache Struts Vulnerability
 Tim Mackey, Technical Evangelist, Black Duck by SynopsysCommentary
CVE-2018-11776 operates at a far deeper level within the code than all prior Struts vulnerabilities. This requires a greater understanding of the Struts code itself as well as the various libraries used by Struts.
By Tim Mackey Technical Evangelist, Black Duck by Synopsys, 9/5/2018
Comment0 comments  |  Read  |  Post a Comment
Lean, Mean & Agile Hacking Machine
Derek Manky, Global Security Strategist, FortinetCommentary
Hackers are thinking more like developers to evade detection and are becoming more precise in their targeting.
By Derek Manky Global Security Strategist, Fortinet, 9/4/2018
Comment0 comments  |  Read  |  Post a Comment
Proof-of-Concept Released for Apache Struts Vulnerability
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Python script for easier exploitation of the flaw is now available as well on Github.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/27/2018
Comment6 comments  |  Read  |  Post a Comment
A False Sense of Security
Steve Durbin, Managing Director of the Information Security ForumCommentary
Emerging threats over the next two years stem from biometrics, regulations, and insiders.
By Steve Durbin Managing Director of the Information Security Forum, 8/24/2018
Comment1 Comment  |  Read  |  Post a Comment
Embedding Security into the DevOps Toolchain
Dave Meltzer, Chief Technology Officer at TripwireCommentary
Security teams need to let go of the traditional security stack, stop fighting DevOps teams, and instead jump in right beside them.
By Dave Meltzer Chief Technology Officer at Tripwire, 8/23/2018
Comment0 comments  |  Read  |  Post a Comment
Building Security into the DevOps Pipeline
Dark Reading Staff, CommentaryVideo
As companies pump more code into production at a faster pace, CA Veracode VP of Security Research Chris Eng stresses the importance of avoiding vulnerabilities by building security directly into the DevOps pipeline.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Simplifying Defense Across the MITRE ATT&CK Matrix
Dark Reading Staff, CommentaryVideo
Endgames Mark Dufresne says SOCs can achieve better results within their existing staff and budget constraints with AI- and visualization-empowered, unified defense across the MITRE ATT&CK matrix.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
New PHP Exploit Chain Highlights Dangers of Deserialization
Ericka Chickowski, Contributing Writer, Dark ReadingNews
PHP unserialization can be triggered by other vulnerabilities previously considered low-risk.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/15/2018
Comment0 comments  |  Read  |  Post a Comment
Open Source Software Poses a Real Security Threat
Jeff Williams, CTO, Contrast SecurityCommentary
It's true that open source software has many benefits, but it also has weak points. These four practical steps can help your company stay safer.
By Jeff Williams CTO, Contrast Security, 8/15/2018
Comment1 Comment  |  Read  |  Post a Comment
The Data Security Landscape Is Shifting: Is Your Company Prepared?
Francis Dinha, CEO & Co-Founder of OpenVPNCommentary
New ways to steal your data (and profits) keep cropping up. These best practices can help keep your organization safer.
By Francis Dinha CEO & Co-Founder of OpenVPN, 8/13/2018
Comment1 Comment  |  Read  |  Post a Comment
10 Threats Lurking on the Dark Web
Steve Zurier, Freelance Writer
Despite some high-profile takedowns last year, the Dark Web remains alive and well. Here's a compilation of some of the more prolific threats that loom.
By Steve Zurier Freelance Writer, 8/8/2018
Comment0 comments  |  Read  |  Post a Comment
US-CERT Warns of New Linux Kernel Vulnerability
Dark Reading Staff, Quick Hits
Patches now available to prevent DoS attack on Linux systems.
By Dark Reading Staff , 8/7/2018
Comment0 comments  |  Read  |  Post a Comment
Is SMS 2FA Enough Login Protection?
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Experts say Reddit breach offers a prime example of the risks of depending on one-time passwords sent via text.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/3/2018
Comment0 comments  |  Read  |  Post a Comment
Power Grid Security: How Safe Are We?
Cameron Camp, ESET Security ResearcherCommentary
Experiencing a power outage? It could have been caused by a hacker or just a squirrel chewing through some equipment. And that's a problem.
By Cameron Camp ESET Security Researcher, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "I'm not sure I like this top down management approach!"
Current Issue
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17338
PUBLISHED: 2018-09-23
An issue has been found in pdfalto through 0.2. It is a heap-based buffer overflow in the function TextPage::dump in XmlAltoOutputDev.cc.
CVE-2018-17341
PUBLISHED: 2018-09-23
BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.
CVE-2018-17332
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls.
CVE-2018-17333
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in svgStringToLength in svg_types.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because sscanf is misused.
CVE-2018-17334
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in the svgGetNextPathField function in svg_string.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because a strncpy copy limit is miscalculated.