Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerability Management posted in March 2020
Patching Poses Security Problems with Move to More Remote Work
News  |  3/31/2020  | 
Security teams were not ready for the wholesale move to remote work and the sudden expansion of the attack surface area, experts say.
How Much Downtime Can Your Company Handle?
Commentary  |  3/31/2020  | 
Why every business needs cyber resilience and quick recovery times.
The Wild, Wild West(world) of Cybersecurity
Commentary  |  3/27/2020  | 
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
3 Mobile Security Problems That Most Security Teams Haven't Fixed Yet
Commentary  |  3/26/2020  | 
Mobility must be included in the security operations workflow so that company data is protected regardless of where remote workers are located.
Do DevOps Teams Need a Company Attorney on Speed Dial?
Commentary  |  3/25/2020  | 
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.
Vulnerability Management Isn't Just a Numbers Game
Commentary  |  3/24/2020  | 
Attackers work 24/7, so you have to be vigilant around the clock. Time for some game theory.
From Zero to Hero: CISO Edition
Commentary  |  3/23/2020  | 
It's time for organizations to realize that an empowered CISO can effectively manage enterprise risk and even grow the business along the way.
Security Ratings Are a Dangerous Fantasy
Commentary  |  3/20/2020  | 
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
Cyber Resilience Benchmarks 2020
Commentary  |  3/19/2020  | 
Here are four things that separate the leaders from the laggards when fighting cyber threats.
Facebook Got Tagged, but Not Hard Enough
Commentary  |  3/18/2020  | 
Ensuring that our valuable biometric information is protected is worth more than a $550 million settlement.
Needed: A Cybersecurity Good Samaritan Law
Commentary  |  3/17/2020  | 
Legislation should protect the good hackers who are helping to keep us safe, not just go after the bad.
Fewer Vulnerabilities in Web Frameworks, but Exploits Remain Steady
News  |  3/16/2020  | 
Attackers continue to focus on web and application frameworks, such as Apache Struts and WordPress, fighting against a decline in vulnerabilities, according to an analysis.
Texas Chose to Fight Ransomware and Not Pay. What About the Rest of Us?
Commentary  |  3/13/2020  | 
Law-abiding folks like us applauded Texas for its bravery but would we have the steel will to stand on the side of justice if it happened to us? Probably not.
How the Rise of IoT Is Changing the CISO Role
Commentary  |  3/11/2020  | 
Prepare for the future by adopting a risk-based approach. Following these five steps can help.
3 Tips to Stay Secure When You Lose an Employee
Commentary  |  3/10/2020  | 
Whether they leave for a better job or get fired, and whether they mean to cause problems or do so out of ignorance, ex-workers can pose a threat to your company.
How Network Metadata Can Transform Compromise Assessment
Commentary  |  3/10/2020  | 
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret
Cyber Resiliency, Cloud & the Evolving Role of the Firewall
Commentary  |  3/9/2020  | 
Today's defenses must be creative in both isolating threats and segmenting environments to prevent attacks. Here's why.
Threat Awareness: A Critical First Step in Detecting Adversaries
Commentary  |  3/9/2020  | 
One thing seems certain: Attackers are only getting more devious and lethal. Expect to see more advanced attacks.
Securing Our Elections Requires Change in Technology, People & Attitudes
Commentary  |  3/6/2020  | 
Increasing security around our election process and systems will take a big effort from many different parties. Here's how.
6 Steps CISOs Should Take to Secure Their OT Systems
Commentary  |  3/5/2020  | 
The first question each new CISO must answer is, "What should I do on Monday morning?" My suggestion: Go back to basics. And these steps will help.
Advanced Tech Needs More Ethical Consideration & Security
Commentary  |  3/5/2020  | 
Unintended consequences and risks need board-level attention and action.
EternalBlue Longevity Underscores Patching Problem
News  |  3/4/2020  | 
Three years after the Shadow Brokers published zero-day exploits stolen from the National Security Agency, the SMB compromise continues to be a popular Internet attack.
3 Ways to Strengthen Your Cyber Defenses
Commentary  |  3/4/2020  | 
By taking proactive action, organizations can face down threats with greater agility and earned confidence.
Avoiding the Perils of Electronic Communications
Commentary  |  3/3/2020  | 
Twitter, Slack, etc., have become undeniably important for business today, but they can cause a lot of damage. That's why an agile communications strategy is so important.
The Cybercrime Pandemic Keeps Spreading
Commentary  |  3/3/2020  | 
The World Economic Forum says cyberattacks will be one of the top global business risks over the next 10 years.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37436
PUBLISHED: 2021-07-24
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing pers...
CVE-2021-32686
PUBLISHED: 2021-07-23
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and ...
CVE-2021-32783
PUBLISHED: 2021-07-23
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy rem...
CVE-2021-3169
PUBLISHED: 2021-07-23
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
CVE-2020-20741
PUBLISHED: 2021-07-23
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if t...