Advertise

News & Commentary

Content tagged with Vulnerability Management posted in March 2014

View Content By Month

Bit Errors & the Internet of Things

Commentary | 3/31/2014 |

7 comments

Internet traffic, misdirected to malicious bitsquatted domains, has plagued computer security for years. The consequences will be even worse for the IoT.

'Thingularity' Triggers Security Warnings

News | 3/28/2014 |

Post a comment

The Internet of Things is creating 50 billion Internet-connected devices. Who is going to keep them updated and secure?

Flying Naked: Why Most Web Apps Leave You Defenseless

Commentary | 3/28/2014 |

14 comments

Even the best-funded and "mature" corporate AppSec programs aren't testing all their web applications and services. That leaves many applications with no real security in place.

A Cyber History Of The Ukraine Conflict

Commentary | 3/27/2014 |

5 comments

The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned.

Facebook Builds Its Own Threat Modeling System

Quick Hits | 3/26/2014 |

4 comments

The tool helps the social network gather, store, analyze, and react to the latest threats against it.

View Content by Month

[close this box]

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

Black Hat Europe - December 5-8 - Learn More

Black Hat Middle East & Africa - November 15-17 - Learn More

SecTor - Canada's IT Security Conference Oct 1-6 - Learn More

More Informa Tech Live Events

White Papers

Five Best Practices for AWS Security Monitoring

Sumo Logic for Continuous Intelligence

Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal

AppSec Considerations For Modern Application Development

Ambush Attackers at the Endpoint with the Endpoint Detection Net (EDN) Suite

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

Black Hat USA 2022 Attendee Report

Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-45454
PUBLISHED: 2022-08-17

Ampere Altra before SRP 1.08b and Altra Max? before SRP 2.05 allow information disclosure of power telemetry via HWmon.

CVE-2022-37459
PUBLISHED: 2022-08-17

Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.

CVE-2022-2871
PUBLISHED: 2022-08-17

Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7.

CVE-2022-1399
PUBLISHED: 2022-08-17

An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior ve...

CVE-2022-1400
PUBLISHED: 2022-08-17

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]