Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerability Management posted in October 2020
Public Safety & Cybersecurity Concerns Elevate Need for a Converged Approach
Commentary  |  10/30/2020  | 
As public and private spaces are opening up, the need for a converged approach to cybersecurity and physical security is essential, as is integration with health measures and tech.
How Healthcare Organizations Can Combat Ransomware
Commentary  |  10/29/2020  | 
The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.
Cybercriminals Aim BEC Attacks at Education Industry
News  |  10/29/2020  | 
Heightened vulnerability comes at a time when the sector has been focusing on setting up a remote workforce and online learning amid the pandemic.
Rethinking Security for the Next Normal -- Under Pressure
Commentary  |  10/28/2020  | 
By making a commitment to a unified approach to security, then doing what's necessary to operationalize it, organizations can establish a better security model for the next normal.
Physical Security Has a Lot of Catching Up to Do
Commentary  |  10/28/2020  | 
The transformation we need: merging the network operations center with the physical security operations center.
MITRE Shield Matrix Highlights Deception & Concealment Technology
Commentary  |  10/27/2020  | 
The role that these technologies play in the MITRE Shield matrix is a clear indicator that they are an essential part of today's security landscape.
Developers' Approach to App Testing Could Cut Flaw Fix Times by 80 Days
News  |  10/27/2020  | 
An analysis of more than 130,000 active applications found more with at least one high-severity flaw compared with 2019.
Microsoft's Kubernetes Threat Matrix: Here's What's Missing
Commentary  |  10/26/2020  | 
With a fuller picture of the Kubernetes threat matrix, security teams can begin to implement mitigation strategies to protect their cluster from threats.
To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life
Commentary  |  10/22/2020  | 
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.
Implementing Proactive Cyber Controls in OT: Myths vs. Reality
Commentary  |  10/22/2020  | 
Debunking the myths surrounding the implementation of proactive cyber controls in operational technology.
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Commentary  |  10/21/2020  | 
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
Commentary  |  10/21/2020  | 
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
The Cybersecurity Maturity Model Certification: Are You in Compliance?
Commentary  |  10/20/2020  | 
Not only can this framework help companies remain solvent, but it will also protect critical information from getting into the wrong hands.
Trickbot, Phishing, Ransomware & Elections
Commentary  |  10/19/2020  | 
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.
A New Risk Vector: The Enterprise of Things
Commentary  |  10/19/2020  | 
Billions of devices -- including security cameras, smart TVs, and manufacturing equipment -- are largely unmanaged and increase an organization's risk.
Cybercrime Losses Up 50%, Exceeding $1.8B
Commentary  |  10/16/2020  | 
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
Overcoming the Challenge of Shorter Certificate Lifespans
Commentary  |  10/15/2020  | 
We could be in the middle of a major transition to shorter and shorter certificate life spans, which has significant implications for how IT organizations manage certificates across the enterprise.
The Ruthless Cyber Chaos of Business Recovery
Commentary  |  10/15/2020  | 
Critical technology initiatives leveraging the best of technology solutions are the only way through the cyber chaos of 2020.
Assuring Business Continuity by Reducing Malware Dwell Time
Commentary  |  10/14/2020  | 
Here's how CISOs and IT security operations teams can best address key challenges to network monitoring that could increase malware dwell time.
Online Voting Is Coming, but How Secure Will It Be?
Commentary  |  10/13/2020  | 
It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.
A 7-Step Cybersecurity Plan for Healthcare Organizations
Slideshows  |  10/12/2020  | 
With National Cybersecurity Awareness Month shining a spotlight on the healthcare industry, security pros share best practices for those charged with protecting these essential organizations.
Apple Pays Bug Bounty to Enterprise Network Researchers
Quick Hits  |  10/9/2020  | 
So far, the company has doled out $288,000 to five researchers who, in three months, found 55 vulnerabilities in its corporate infrastructure.
Key Considerations & Best Practices for Establishing a Secure Remote Workforce
Commentary  |  10/8/2020  | 
Cybersecurity is challenging but not paralyzing, and now is the moment to educate our employees to overcome these challenges.
The New War Room: Cybersecurity in the Modern Era
Commentary  |  10/7/2020  | 
The introduction of the virtual war room is a new but necessary shift. To ensure its success, security teams must implement new systems and a new approach to cybersecurity.
10 Years Since Stuxnet: Is Your Operational Technology Safe?
Commentary  |  10/6/2020  | 
The destructive worm may have debuted a decade ago, but Stuxnet is still making its presence known. Here are steps you can take to stay safer from similar attacks.
Do's and Don'ts for School Cybersecurity Awareness
Commentary  |  10/6/2020  | 
Remote learning has introduced an array of new cyberthreats to American families and schools, but this can be an educational moment for all involved.
'It Won't Happen to Me': Employee Apathy Prevails Despite Greater Cybersecurity Awareness
Commentary  |  10/1/2020  | 
To protect your organization from all emerging file-borne threats, the security and leadership teams must align to develop a streamlined approach to file security.
Cryptojacking: The Unseen Threat
Commentary  |  10/1/2020  | 
Mining malware ebbs and flows with the price of cryptocurrencies, and given the momentum on price is upward, cryptojacking is a very present threat.


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31922
PUBLISHED: 2021-05-14
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3.
CVE-2021-32051
PUBLISHED: 2021-05-14
Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter.
CVE-2021-32615
PUBLISHED: 2021-05-13
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.
CVE-2021-33026
PUBLISHED: 2021-05-13
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the ca...
CVE-2021-31876
PUBLISHED: 2021-05-13
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with ...