Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Vulnerability Management
Page 1 / 2   >   >>
FragAttacks Foil 2 Decades of Wireless Security
News  |  8/6/2021  | 
Wireless security protocols have improved, but product vendors continue to make implementation errors that allow a variety of attacks.
Researchers Find Significant Vulnerabilities in macOS Privacy Protections
News  |  8/5/2021  | 
Attacks require executing code on a system but foil Apple's approach to protecting private data and systems files.
Organizations Still Struggle to Hire & Retain Infosec Employees: Report
News  |  8/5/2021  | 
Security leaders are challenged to fill application security and cloud computing jobs in particular, survey data shows.
7 Ways AI and ML Are Helping and Hurting Cybersecurity
Commentary  |  7/19/2021  | 
In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.
4 Future Integrated Circuit Threats to Watch
Commentary  |  7/16/2021  | 
Threats to the supply chains for ICs and other computer components are poised to wreak even more havoc on organizations.
State Dept. to Pay Up to $10M for Information on Foreign Cyberattacks
News  |  7/15/2021  | 
The Rewards for Justice program, a counterterrorism tool, is now aimed at collecting information on nation-states that use hackers to disrupt critical infrastructure.
How to Bridge On-Premises and Cloud Identity
Commentary  |  7/15/2021  | 
Identity fabric, a cloud-native framework, removes the need for multiple, siloed, proprietary identity systems.
Targeted Attack Activity Heightens Need for Orgs. to Patch New SolarWinds Flaw
News  |  7/14/2021  | 
A China-based threat actor -- previously observed targeting US defense industrial base organizations and software companies -- is exploiting the bug in SolarWinds' Serv-U software, Microsoft says.
Did the Cybersecurity Workforce Gap Distract Us From the Leak?
Commentary  |  7/14/2021  | 
Cyber games can play a critical role in re-engaging our workforce and addressing the employee retention crisis.
4 Integrated Circuit Security Threats and How to Protect Against Them
Commentary  |  7/14/2021  | 
Little-understood threats involving the IC supply chain are putting organizations around the world at risk.
Why We Need to Raise the Red Flag Against FragAttacks
Commentary  |  7/13/2021  | 
Proliferation of wireless devices increases the risk that corporate networks will be attacked with this newly discovered breed of Wi-Fi-based cyber assault.
AI and Cybersecurity: Making Sense of the Confusion
Commentary  |  7/12/2021  | 
Artificial intelligence is a maturing area in cybersecurity, but there are different concerns depending on whether you're a defender or an attacker.
New WildPressure Malware Capable of Targeting Windows and MacOS
Quick Hits  |  7/8/2021  | 
The Trojan sends information back to the attackers' servers about the programming language of a target device.
Microsoft Releases Emergency Patch for 'PrintNightmare' Vuln
News  |  7/7/2021  | 
It urges organizations to immediately apply security update, citing exploit activity.
It's High Time for a Security Scoring System for Applications and Open Source Libraries
Commentary  |  7/6/2021  | 
A benchmarking system would help buyers choose more secure software products and, more importantly, light a fire underneath software producers to make products secure.
Watch for Cybersecurity Games at the Tokyo Olympics
Commentary  |  7/5/2021  | 
The cybersecurity professionals guarding the Summer Olympics are facing at least as much competition as the athletes, and their failure could have steeper ramifications.
SOC Investment Improves Detection and Response Times, Data Shows
Quick Hits  |  7/2/2021  | 
A survey of IT and security pros finds many are confident in their ability to detect security incidents in near-real time or within minutes.
GitHub Unveils AI Tool to Speed Development, but Beware Insecure Code
News  |  7/1/2021  | 
The company has created an AI system, dubbed Copilot, to offer code suggestions to developers, but warns that any code produced should be tested for defects and vulnerabilities.
Google Updates Vulnerability Data Format to Support Automation
News  |  6/29/2021  | 
The Open Source Vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing system, and it could be the favored format for future exporting of data.
Survey Data Reveals Gap in Americans' Security Awareness
Quick Hits  |  6/29/2021  | 
Survey data reveals many people have never heard of major cyberattacks, including the attack targeting Colonial Pipeline.
3 Ways Cybercriminals Are Undermining MFA
Commentary  |  6/29/2021  | 
Using multifactor authentication is an excellent security step, but like everything else, it is not foolproof and will never be 100% effective.
Amazon Acquires Secure Messaging Platform Wickr
Quick Hits  |  6/25/2021  | 
AWS CISO Stephen Schmidt says the acquisition is strategic amid the proliferation of remote work.
Preinstalled Firmware Updater Puts 128 Dell Models at Risk
News  |  6/24/2021  | 
A feature of the computer maker's update utility does not correctly handle certificates, leaving systems open to firmware-level compromises.
Boardroom Perspectives on Cybersecurity: What It Means for You
Commentary  |  6/24/2021  | 
Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data.
When Will Cybersecurity Operations Adopt the Peter Parker Principle?
Commentary  |  6/23/2021  | 
Having a prevention mindset means setting our prevention capabilities to "prevent" instead of relying on detection and response.
Expecting the Unexpected: Tips for Effectively Mitigating Ransomware Attacks in 2021
Commentary  |  6/23/2021  | 
Cybercriminals continually innovate to thwart security protocols, but organizations can take steps to prevent and mitigate ransomware attacks.
Majority of Web Apps in 11 Industries Are Vulnerable All the Time
News  |  6/22/2021  | 
Serious vulnerabilities exist every day in certain industries, including utilities, public administration, and professional services, according to testing data.
Software-Container Supply Chain Sees Spike in Attacks
News  |  6/21/2021  | 
Attackers target companies' container supply chain, driving a sixfold increase in a year, aiming to steal processing time for cryptomining and compromise cloud infrastructure.
Data Leaked in Fertility Clinic Ransomware Attack
Quick Hits  |  6/21/2021  | 
Reproductive Biology Associates says the data of 38,000 patients may have been compromised in the April cyberattack.
4 Habits of Highly Effective Security Operators
Commentary  |  6/18/2021  | 
These good habits can make all the difference in advancing careers for cybersecurity operators who spend their days putting out fires large and small.
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Commentary  |  6/17/2021  | 
Consider four factors and behaviors that impact a particular employee's risk, and how security training should take them into account.
Mission Critical: What Really Matters in a Cybersecurity Incident
Commentary  |  6/17/2021  | 
The things you do before and during a cybersecurity incident can make or break the success of your response.
Security Flaw Discovered In Peloton Equipment
Quick Hits  |  6/16/2021  | 
The vulnerability could give attackers remote root access to the bike's tablet, researchers report.
Andariel Group Targets South Korean Entities in New Campaign
Quick Hits  |  6/15/2021  | 
Andariel, designated as a sub-group of the Lazarus Group APT, has historically targeted South Korean organzations.
How Does the Government Buy Its Cybersecurity?
Commentary  |  6/15/2021  | 
The federal government is emphasizing cybersecurity regulation, education, and defense strategies this year.
Know Thy Enemy: Fighting Half-Blind Against Ransomware Won't Work
Commentary  |  6/14/2021  | 
We lack reliable, representative, actionable data about ransomware's actual scope, scale, and impact. The Ransom Incident Response Network could change that.
Many Mobile Apps Intentionally Using Insecure Connections for Sending Data
News  |  6/11/2021  | 
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.
Secure Access Trade-offs for DevSecOps Teams
Commentary  |  6/11/2021  | 
Thanks to recent advancements in access technologies, everyone can apply identity-based authentication and authorization and zero-trust principles for their computing resources.
NY & Mass. Transportation Providers Targeted in Recent Attacks
Quick Hits  |  6/3/2021  | 
New York's Metropolitan Transportation Authority and the Steamship Authority of Massachusetts were both victims of cyberattacks.
The True Cost of a Ransomware Attack
Commentary  |  6/3/2021  | 
Companies need to prepare for the costs of an attack now, before they get attacked. Here's a checklist to help.
The Colonial Pipeline Attack Is Your Boardroom Wake-Up Call
Commentary  |  6/3/2021  | 
Why business leaders must adopt a risk-led approach to cybersecurity.
Critical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in
Quick Hits  |  6/2/2021  | 
The plug-in under active attack has been installed on more than 17,000 websites, say researchers.
Chaos for the Sake of Chaos? Yes, Nation-States Are That Cynical
Commentary  |  6/2/2021  | 
Many nation-state-backed attacks are intended to destabilize the US government, not steal from it.
Processor Morphs Its Architecture to Make Hacking Really Hard
News  |  6/2/2021  | 
Researchers create a processor that uses encryption to modify its memory architecture during runtime, making it very difficult for hackers to exploit memory-based vulnerabilities.
Meat Producer JBS USA Hit By Ransomware Attack
Quick Hits  |  6/1/2021  | 
The company says recovery from the attack may delay transactions with customers and suppliers.
CISO Confidence Is Rising, but Issues Remain
Commentary  |  6/1/2021  | 
New research reveals how global CISOs dealt with COVID-19 and their plans for 20222023.
Modern SOCs a 'Painful' Challenge Amid Growing Complexity: Report
Quick Hits  |  5/28/2021  | 
A new study examines the tools and technologies driving investment and activities for security operations centers.
Plug-ins for Code Editors Pose Developer-Security Threat
News  |  5/28/2021  | 
There are two critical vulnerabilities in plug-ins for the popular Visual Studio Code editor, now patched, but security firm Snyk warns that popular plug-ins could put development environments in jeopardy.
Bug Bounties and the Cobra Effect
Commentary  |  5/26/2021  | 
Are bug bounty programs allowing software companies to skirt their responsibility to make better, more secure products from the get-go?
The Adversary Within: Preventing Disaster From Insider Threats
Commentary  |  5/25/2021  | 
Insiders are in a position of trust, and their elevated permissions provide opportunities to cause serious harm to critical business applications and processes.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-40690
PUBLISHED: 2021-09-19
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract...
CVE-2021-41073
PUBLISHED: 2021-09-19
loop_rw_iter in fs/io_uring.c in the Linux kernel through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
CVE-2021-23441
PUBLISHED: 2021-09-19
All versions of package com.jsoniter:jsoniter are vulnerable to Deserialization of Untrusted Data via malicious JSON strings. This may lead to a Denial of Service, and in certain cases, code execution.
CVE-2021-41393
PUBLISHED: 2021-09-18
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVE-2021-41394
PUBLISHED: 2021-09-18
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.