Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerability Management posted in February 2019
Stay Ahead of the Curve by Using AI in Compliance
Commentary  |  2/27/2019  | 
Although human oversight is required, advanced technologies built on AI will become pivotal in building safer financial markets and a safer world.
DIY Botnet Detection: Techniques and Challenges
Commentary  |  2/26/2019  | 
Botnets continue to spread to places never dreamed of a few years ago. But you can fight them off, and these tips can help.
A 'Cloudy' Future for OSSEC
Commentary  |  2/26/2019  | 
As more organizations move to the public cloud and to DevOps and DevSecOps processes, the open source alternative for host-based intrusion detection is finding new uses.
Secure the System, Help the User
Commentary  |  2/25/2019  | 
The enterprise must do its part in deploying and maintaining secure systems so that end users stand a chance against attackers.
New Free Tool Scans for Chrome Extension Safety
Quick Hits  |  2/21/2019  | 
CRXcavator scans extensions in real time based on factors including permissions, external calls, and third-party libraries.
Security Analysts Are Only Human
Commentary  |  2/21/2019  | 
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
6 Tax Season Tips for Security Pros
Slideshows  |  2/19/2019  | 
Here are some practical ways to keep your company safe as Uncle Sam comes calling.
Security Leaders Are Fallible, Too
Commentary  |  2/19/2019  | 
Security leaders set the tone for their organizations, and there are many places where the process can go wrong. Second in a six-part series.
White-Hat Bug Bounty Programs Draw Inspiration from the Old West
Commentary  |  2/15/2019  | 
These programs are now an essential strategy in keeping the digital desperados at bay.
5 Expert Tips for Complying with the New PCI Software Security Framework
Commentary  |  2/13/2019  | 
The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as new security benchmark for other industries to follow.
Lessons Learned from a Hard-Hitting Security Review
Commentary  |  2/13/2019  | 
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.
Microsoft, Adobe Both Close More Than 70 Security Issues
News  |  2/12/2019  | 
With their regularly scheduled Patch Tuesday updates, both companies issued fixes for scores of vulnerabilities in their widely used software.
Cybersecurity and the Human Element: We're All Fallible
Commentary  |  2/12/2019  | 
We examine the issue of fallibility from six sides: end users, security leaders, security analysts, IT security administrators, programmers, and attackers.
Identifying, Understanding & Combating Insider Threats
Commentary  |  2/12/2019  | 
Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?
Mitigating the Security Risks of Cloud-Native Applications
Commentary  |  2/5/2019  | 
While containers can create more secure application development environments, they also introduce new security challenges that affect security and compliance.
Taming the Wild, West World of Security Product Testing
Commentary  |  2/5/2019  | 
The industry has long needed an open, industry-standard testing framework. NetSecOPEN is working to make that happen.
IoT Security's Coming of Age Is Overdue
Commentary  |  2/4/2019  | 
The unique threat landscape requires a novel security approach based on the latest advances in network and AI security.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Incorporating a Prevention Mindset into Threat Detection and Response
Threat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time. The report covers areas enterprises should focus on: What positive response looks like. Improving security hygiene. Combining preventive actions with red team efforts.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-29237
PUBLISHED: 2022-05-24
Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassing o...
CVE-2022-29242
PUBLISHED: 2022-05-24
GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0...
CVE-2022-29246
PUBLISHED: 2022-05-24
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, he USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or...
CVE-2022-29567
PUBLISHED: 2022-05-24
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of ...
CVE-2022-30457
PUBLISHED: 2022-05-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.