Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Vulnerability Management
Page 1 / 2   >   >>
The Shared Irresponsibility Model in the Cloud Is Putting You at Risk
Commentary  |  9/29/2020  | 
Step up, put the architecture and organization in place, and take responsibility. If you don't, who will?
WannaCry Has IoT in Its Crosshairs
Commentary  |  9/25/2020  | 
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic
News  |  9/24/2020  | 
Turns out, creating wireless ecosystems for a vast number of different architectures, configurations, and use cases is hard.
7 Non-Technical Skills Threat Analysts Should Master to Keep Their Jobs
Commentary  |  9/23/2020  | 
It's not just technical expertise and certifications that enable analysts to build long-term careers in cybersecurity.
Time for CEOs to Stop Enabling China's Blatant IP Theft
Commentary  |  9/17/2020  | 
Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.
Struggling to Secure Remote IT? 3 Lessons from the Office
Commentary  |  9/17/2020  | 
The great remote work experiment has exacerbated existing challenges and exposed new gaps, but there are things to be learned from office challenges.
CISA Joins MITRE to Issue Vulnerability Identifiers
News  |  9/16/2020  | 
The Cybersecurity and Infrastructure Security Agency will become a peer of MITRE in the CVE program, likely leading to continued increases in disclosed vulnerabilities.
Cybersecurity Bounces Back, but Talent Still Absent
Commentary  |  9/16/2020  | 
While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.
Simplify Your Privacy Approach to Overcome CCPA Challenges
Commentary  |  9/15/2020  | 
By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.
More Printers Could Mean Security Problems for Home-Bound Workers
News  |  9/14/2020  | 
Tricked-out home offices have led to an influx in printers, many of which have not been set up securely, leaving workers and their companies vulnerable.
Fraud Prevention During the Pandemic
Commentary  |  9/11/2020  | 
When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.
Ripple20 Malware Highlights Industrial Security Challenges
Commentary  |  9/10/2020  | 
Poor security practices allowed software vulnerabilities to propagate throughout industrial and IoT products for more than 20 years.
The Hidden Security Risks of Business Applications
Commentary  |  9/4/2020  | 
Today's enterprises depend on mission-critical applications to keep them productive, help better serve customers, and keep up with demand. It's important that they also know the risks.
Fake Data and Fake Information: A Treasure Trove for Defenders
Commentary  |  9/3/2020  | 
Cybersecurity professionals are using false data to deceive cybercriminals, enabling them to protect networks in new and innovative ways.
5 Tips for Triaging Risk from Exposed Credentials
Slideshows  |  9/2/2020  | 
Not all exposed usernames and passwords present a threat. Here's how to quickly identify the ones that do.
Testing & Automation Pay Off for NSA's DevSecOps Project
News  |  8/31/2020  | 
Communication with stakeholders, extensive testing, and robust automation pays dividends for military intelligence agency, one of several presenters at GitLab's virtual Commit conference.
From Defense to Offense: Giving CISOs Their Due
Commentary  |  8/31/2020  | 
In today's unparalleled era of disruption, forward-thinking CISOs can become key to company transformation -- but this means resetting relationships with the board and C-suite.
How CISOs Can Play a New Role in Defining the Future of Work
Commentary  |  8/27/2020  | 
Rather than just reacting to security issues in the COVID-19 era, CISOs are now in a position to be change agents alongside their C-suite peers.
The Fatal Flaw in Data Security
Commentary  |  8/25/2020  | 
Simply stated: No matter how sophisticated your security software is, data cannot be simultaneously used and secured. But that may be changing soon.
Average Cost of a Data Breach in 2020: $3.86M
Commentary  |  8/24/2020  | 
When companies defend themselves against cyberattacks, time is money.
Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy
Commentary  |  8/21/2020  | 
COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.
Smart-Lock Hacks Point to Larger IoT Problems
News  |  8/20/2020  | 
Two recent reports on smart-locks vulnerabilities show that IoT vendors have a bigger job to do in ensuring their products are safely deployed and configured.
Fuzzing Services Help Push Technology into DevOps Pipeline
News  |  8/19/2020  | 
As part of a continuous testing approach, fuzzing has evolved to provide in-depth code checks for unknown vulnerabilities before deployment.
Newly Patched Alexa Flaws a Red Flag for Home Workers
News  |  8/19/2020  | 
Alexa could serve as an entry point to home and corporate networks. Security experts point to the need for manufacturers to work closely with enterprise security teams to spot and shut down IoT device flaws.
Why Quality & Security Both Matter in Software
Commentary  |  8/18/2020  | 
It's time to position quality and security as equals under the metric of software integrity.
Firms Still Struggle to Prioritize Security Vulnerabilities
News  |  8/17/2020  | 
Security debt continues to pile up, with 42% of organizations attributing remediation backlogs to a breach, a new study shows.
The IT Backbone of Cybercrime
Commentary  |  8/17/2020  | 
Like their counterparts who run legitimate businesses, cybercriminals need hosting and cybersecurity protection, too.
7 Ways to Keep Your Remote Workforce Safe
Slideshows  |  8/14/2020  | 
These tips will help you chart a course for a security strategy that just may become part of the normal way organizations will function over the next several years.
Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption
News  |  8/12/2020  | 
Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.
How to Help Spoil the Cybercrime Economy
Commentary  |  8/11/2020  | 
Cybercrime increasingly is turning into a commodity. Stolen PII data and hijacked cloud accounts especially propel the spread, research shows.
Vulnerability Prioritization: Are You Getting It Right?
Commentary  |  8/10/2020  | 
Developers must find a way to zero in on the security vulns that present the most risk and quickly address them without slowing down the pace of development.
IoT Security During COVID-19: What We've Learned & Where We're Going
Commentary  |  8/7/2020  | 
Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.
Counting for Good: Hardware Counters Un-mask Malware
News  |  8/6/2020  | 
Nick Gregory, research scientist at Capsule8, talks about his session with Capsule8 data scientist Harini Kannan, Uncommon Sense: Detecting Exploits With Novel Hardware Performance Counters and Machine Learning Magic.
SynerComm Reboots a Security Staple with 'Continuous' Pen Testing
News  |  8/5/2020  | 
SPONSORED CONTENT: Penetration testing has evolved well beyond a couple guys you hire to try and break into your network, according to SynerComm's Brian Judd. In addition to a service that offers round-the-clock pen testing, SynerComm also provides purple team testing, effectively splitting the difference with red- and blue-team exercises.
Synopsys: Why Security-Minded Companies Are Transitioning to DevSecOps
News  |  8/5/2020  | 
SPONSORED: For too long, developers have had to weigh the tradeoffs between software security and feature development. But as DevSecOps continues to gain momentum over application security, organizations realize that adopting security in software development needn't be a drag on productivity, says Tim Mackey from the Synopsys Cybersecurity Research Center.
HealthScare: Prioritizing Medical AppSec Research
News  |  8/5/2020  | 
Seth Fogie, information security director at Penn Medicine, explains which healthcare app vulnerabilities really matter in the day-to-day business of providing patient care.
How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis
News  |  8/5/2020  | 
Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
Retooling the SOC for a Post-COVID World
Commentary  |  8/4/2020  | 
Residual work-from-home policies will require changes to security policies, procedures, and technologies.
Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
Commentary  |  7/29/2020  | 
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.
The Future's Biggest Cybercrime Threat May Already Be Here
Commentary  |  7/29/2020  | 
Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster.
Autonomous IT: Less Reacting, More Securing
Commentary  |  7/28/2020  | 
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
Data Privacy Challenges for California COVID-19 Contact Tracing Technology
Commentary  |  7/23/2020  | 
Developers, governments, and regulators must work with the cybersecurity industry to apply rigorous standards to contact-tracing apps to make sure that the societal impact of COVID-19 doesn't extend into personal privacy.
8 Cybersecurity Themes to Expect at Black Hat USA 2020
Slideshows  |  7/23/2020  | 
Here are the trends and topics that'll capture the limelight at this year's virtual event.
Ripple20's Effects Will Impact IoT Cybersecurity for Years to Come
Commentary  |  7/22/2020  | 
A series of newly discovered TCP/IP software vulnerabilities pose a threat to millions of IoT devices. Undiscovered since the early 1990s, they highlight the need to improve security in an increasingly precarious IoT supply chain.
Cybersecurity Lessons from the Pandemic
Commentary  |  7/22/2020  | 
How does cybersecurity support business and society? The pandemic shows us.
Leading Through Uncertainty: Be Proactive in Your Dark Web Intelligence Strategy
Commentary  |  7/21/2020  | 
Having a strong Dark Web intelligence posture helps security teams understand emerging vulnerability trends.
What Organizations Need to Know About IoT Supply Chain Risk
Commentary  |  7/20/2020  | 
Here are some factors organizations should consider as they look to limit the risk posed by risks like Ripple20.
Third-Party IoT Vulnerabilities: We Need a Cybersecurity Paradigm Shift
Commentary  |  7/16/2020  | 
The only entities equipped to safeguard Internet of Things devices against risks are the IoT device manufacturers themselves.
Crypto-Primer: Encryption Basics Every Security Pro Should Know
Commentary  |  7/14/2020  | 
With so many choices for encrypting data and communication, it's important to know the pros and cons of different techniques.
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Commentary  |  7/10/2020  | 
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4607
PUBLISHED: 2020-09-29
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
CVE-2020-24565
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25770
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25771
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25772
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...