Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerability Management posted in November 2018
Establishing True Trust in a Zero-Trust World
Commentary  |  11/29/2018  | 
Our goal should not be to merely accept zero trust but gain the visibility required to establish true trust.
Data Breach Threats Bigger Than Ever
Commentary  |  11/28/2018  | 
A quarter of IT and security leaders expect a major data breach in the next year.
7 Real-Life Dangers That Threaten Cybersecurity
Slideshows  |  11/26/2018  | 
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
To Stockpile or Not to Stockpile Zero-Days?
Commentary  |  11/21/2018  | 
As the debate rages on, there is still no simple answer to the question of whether the government should stockpile or publicly disclose zero-day vulnerabilities.
Consumers Are Forgiving After a Data Breach, but Companies Need To Respond Well
News  |  11/20/2018  | 
A solid response and reputation management program will go a long way in surviving a major breach.
7 Holiday Security Tips for Retailers
Slideshows  |  11/19/2018  | 
It's the most wonderful time of the year and hackers are ready to pounce. Here's how to prevent them from wreaking holiday havoc.
95% of Organizations Have Cultural Issues Around Cybersecurity
Commentary  |  11/16/2018  | 
Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.
Cyber Crooks Diversify Business with Multi-Intent Malware
Commentary  |  11/15/2018  | 
The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.
From Reactive to Proactive: Security as the Bedrock of the SDLC
Commentary  |  11/15/2018  | 
Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.
Understanding Evil Twin AP Attacks and How to Prevent Them
Commentary  |  11/14/2018  | 
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
To Click or Not to Click: The Answer Is Easy
Commentary  |  11/14/2018  | 
Mega hacks like the Facebook breach provide endless ammo for spearphishers. These six tips can help you stay safer.
2018 on Track to Be One of the Worst Ever for Data Breaches
News  |  11/12/2018  | 
A total of 3,676 breaches involving over 3.6 billion records were reported in the first nine months of this year alone.
7 Cool New Security Tools to be Revealed at Black Hat Europe
Slideshows  |  11/12/2018  | 
Black Hat Europe's Arsenal lineup will include demoes of new security tools, from AI malware research to container orchestration.
User Behavior Analytics Could Find a Home in the OT World of the IIoT
Commentary  |  11/8/2018  | 
The technology never really took off in IT, but it could be very helpful in the industrial world.
5 Things the Most Secure Software Companies Do (and How You Can Be Like Them)
Commentary  |  11/8/2018  | 
What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won't break the bank.
IT-to-OT Solutions That Can Bolster Security in the IIoT
Commentary  |  11/7/2018  | 
Industrial companies can use the hard-won, long-fought lessons of IT to leapfrog to an advanced state of Industrial Internet of Things security.
Why Password Management and Security Strategies Fall Short
News  |  11/7/2018  | 
Researchers say companies need to rethink their password training and take a more holistic approach to security.
5 Reasons Why Threat Intelligence Doesn't Work
Commentary  |  11/7/2018  | 
Cybersecurity folks often struggle to get threat intelligence's benefits. Fortunately, there are ways to overcome these problems.
Hidden Costs of IoT Vulnerabilities
Commentary  |  11/6/2018  | 
IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought.
Tackling Cybersecurity from the Inside Out
Commentary  |  11/2/2018  | 
New online threats require new solutions.
Not Every Security Flaw Is Created Equal
Commentary  |  11/1/2018  | 
You need smart prioritization to close the riskiest vulnerabilities. Effective DevSecOps leads the way, according to a new study.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-38562
PUBLISHED: 2021-10-18
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
CVE-2021-41611
PUBLISHED: 2021-10-18
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed ...
CVE-2021-42565
PUBLISHED: 2021-10-18
myfactory.FMS before 7.1-912 allows XSS via the UID parameter.
CVE-2021-42566
PUBLISHED: 2021-10-18
myfactory.FMS before 7.1-912 allows XSS via the Error parameter.
CVE-2021-36097
PUBLISHED: 2021-10-18
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.