Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerability Management posted in April 2018
10 Security Innovators to Watch
Slideshows  |  4/30/2018  | 
Startups in the RSA Conference Innovation Sandbox competed for the title of "Most Innovative."
What Meltdown and Spectre Mean for Mobile Device Security
Commentary  |  4/30/2018  | 
Here are four tips to keep your mobile users safe from similar attacks.
At RSAC, SOC 'Sees' User Behaviors
News  |  4/20/2018  | 
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
How to Protect Industrial Control Systems from State-Sponsored Hackers
Commentary  |  4/19/2018  | 
US-CERT recently issued an alert about Russian threat activity against infrastructure sectors. Is there a way to fight back?
The Role of KPIs in Incident Response
Commentary  |  4/18/2018  | 
Using KPIs can have a positive impact on the tactical and strategic functions of a security operations program.
New Malware Adds RAT to a Persistent Loader
News  |  4/17/2018  | 
A newly discovered variant of a long-known malware loader adds the ability to control the victim from afar.
New Email Campaign Employs Malicious URLs
News  |  4/12/2018  | 
A new attack dropping the Quant Loader Trojan bypasses scanners and sandboxes.
Protect Yourself from Online Fraud This Tax Season
Commentary  |  4/6/2018  | 
Use these tips to stay safe online during everyone's least-favorite time of the year.
Study Finds Petabytes of Sensitive Data Open to the Internet
Quick Hits  |  4/6/2018  | 
New research by Digital Shadows finds more than 1.5 billion sensitive files are open to discovery on the internet.
New DARPA Contract Looks to Avoid Another 'Meltdown'
Quick Hits  |  4/4/2018  | 
A new DARPA contract with Tortuga Logic intends to field chip emulation systems to test security before processors hit manufacturing.
Panera Bread Leaves Millions of Customer Records Exposed Online
News  |  4/3/2018  | 
Personal information exposed in plain text for months on Panerabread.com and the company's response failed to rise to the challenge.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21742
PUBLISHED: 2021-09-25
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.
CVE-2020-20508
PUBLISHED: 2021-09-24
Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field.
CVE-2020-20514
PUBLISHED: 2021-09-24
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.
CVE-2016-6555
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in ver...
CVE-2016-6556
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This iss...